Generating SPIR-V can cause validation failures when out-of-bounds
accesses are performed, since we are not running the robustness
transform.
Bug: chromium:1246061
Change-Id: Ied58d77d90079d10d5579d2d55854c3cfbc18db5
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/63640
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
Commit-Queue: James Price <jrprice@google.com>
This CL changes the way that the resolver traverses expressions to avoid stack overflows for deeply nested expressions.
Instead of having the expression resolver methods call back into
Expression(), add a TraverseExpressions() method that collects all the
expression nodes with a simple DFS.
This currently only changes the way that Expressions are traversed. We
may need to do the same for statements.
Bug: chromium:1246375
Change-Id: Ie81905da1b790b6dd1df9f1ac42e06593d397c21
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/63700
Auto-Submit: Ben Clayton <bclayton@google.com>
Reviewed-by: David Neto <dneto@google.com>
Commit-Queue: Ben Clayton <bclayton@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
When the magnitude is zero, then we don't care about the magnitude
of the exponent. The result value is always zero, without emitting
an error.
Fixed: tint:1166
Change-Id: I303d7c336e7ea42719571854f0a22cbfd19da32c
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/63520
Kokoro: Kokoro <noreply+kokoro@google.com>
Auto-Submit: David Neto <dneto@google.com>
Reviewed-by: Antonio Maiorano <amaiorano@google.com>
Commit-Queue: Antonio Maiorano <amaiorano@google.com>
This is easy to do while we are processing builtins in the main
transform now that we use wrapper functions.
This is step towards removing the sanitizers completely.
Change-Id: If5472ce552e3cce1e5905916eeffa8fef90461c9
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/63585
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
This is the HandleModuleScopeVars() part of the MSL sanitizer moved
verbatim to a standalone transform. The transform code is unchanged,
but some expected test outputs are different as this is now tested in
isolation instead of along with the rest of the sanitizer transforms.
This is step towards removing the sanitizers completely.
Change-Id: I7be826e2119451fc2ce2891740cc94f978e7d5a1
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/63583
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
Use this from the HLSL and SPIR-V sanitizers, instead of duplicating
this logic for them.
This is step towards removing the sanitizers completely.
Change-Id: Ifa9f23d84fd3505d30a928c260181a699c5f1783
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/63582
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
No new tests or any changes, just moving to a separate file in
preparation for adding lots more of these tests soon.
Change-Id: Iaa7eef52384e702c395a6db312fef19e22507644
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/63580
Kokoro: Kokoro <noreply+kokoro@google.com>
Auto-Submit: James Price <jrprice@google.com>
Reviewed-by: Antonio Maiorano <amaiorano@google.com>
Commit-Queue: James Price <jrprice@google.com>
Missed rename from https://dawn-review.googlesource.com/c/tint/+/63180
In a prior CL I fixed tint_ast_fuzzer_libfuzzer_options
Change-Id: I4c3bc6e2046fc986ff2ce749ecbdae2a860f8d93
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/63521
Reviewed-by: Sarah Mashayekhi <sarahmashay@google.com>
Commit-Queue: Sarah Mashayekhi <sarahmashay@google.com>
Auto-Submit: Sarah Mashayekhi <sarahmashay@google.com>
Kokoro: Sarah Mashayekhi <sarahmashay@google.com>
During HexFloat parsing, if exponent was too large, we would overflow
the signed integer being used to store its value. We now use an uint32_t
to avoid UB, then convert to int32_t when it's safe to do so.
Also error out if the input exponent is > INT_MAX - 127, which ensures
we will not wrap around and produce an invalid result when adding the
exponent bias of 127.
Bug: chromium:1240048
Bug: tint:1150
Change-Id: I1b57b2c965358b803ebb68ea70b76e759cdd3939
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/63120
Reviewed-by: David Neto <dneto@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Antonio Maiorano <amaiorano@google.com>
- Locally tested with each of the 6 options turned off alone, and fixed
the build.
- Added an incremental build to the Linux Kokoro build with all these
flags disabled, which will help catch a subset of build issues related
to these flags.
Bug: tint:1139
Change-Id: I40eaaea31d88879aa19eac3f17c47b7e7d7a477f
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/63241
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
Commit-Queue: Antonio Maiorano <amaiorano@google.com>
Adds casts to uint64_t so that a comparison between size_t and the
largest possible uint32_t value does not lead to a tautological warning
when building for i386.
Fixes tint:1162
Change-Id: Ib18140805d443d51bb7e48c9e345b21b9d5651fb
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/63440
Auto-Submit: Alastair Donaldson <afdx@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
Commit-Queue: Alastair Donaldson <afdx@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
BUG=tint:1098
Change-Id: I84931804515487d931bbbb5f0d5239d03ca76dfc
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/63300
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: Alastair Donaldson <afdx@google.com>
Refactors the CMake rules for the tint fuzzers so that when OSS-Fuzz is
controlling the build process no specific fuzzer options are used. This
allows OSS-Fuzz to fully control the fuzzing engine.
Change-Id: Ic4423b981df12e66a14ca8f53c97168ac28bfa39
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/63342
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Alastair Donaldson <afdx@google.com>
Auto-Submit: Alastair Donaldson <afdx@google.com>
Reviewed-by: Antonio Maiorano <amaiorano@google.com>
Since the APIs being tested take in strings, using
onlyascii.
Restricting the size of test cases, so that we get more
diverse smaller test cases, instead of generating 1MB of 0s.
BUG=tint:1095,tint:1096
Change-Id: I0590bf0146c3395278ead362e2add328f669aea7
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/63180
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Commit-Queue: Ben Clayton <bclayton@google.com>
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: Ben Clayton <bclayton@google.com>
Adds a stand-alone executable that serves as an entry point for black
box fuzzing. It reads data from a given file, and then calls into the
same code that the libFuzzer fuzzer targets do.
Fixes: tint:1151
Change-Id: I23f4c5b4aa7040f434c791404136422f5c8ee12a
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/63341
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Change-Id: Ib084dd47a7ad37a64d8abe9cc577f6b05b91a913
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/63340
Auto-Submit: Alastair Donaldson <afdx@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Change ast::Array to use an ast::Expression for its `size` field. The
WGSL frontend now parses the array size as an `primary_expression`,
and the Resolver is responsible for validating the expression is a
signed or unsigned integer, and either a literal or a non-overridable
module-scope constant.
The Resolver evaluates the constant value of the size expression, and
so the resolved sem::Array type still has a constant size as before.
Fixed: tint:1068
Fixed: tint:1117
Change-Id: Icfa141482ea1e47ea8c21a25e9eb48221f176e9a
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/63061
Auto-Submit: James Price <jrprice@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: James Price <jrprice@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
WGSL only allows literals and identifiers as arguments to
workgroup_size.
Also, change "parameter" to "argument" in the workgroup_size error
messages.
Change-Id: Ibd252a7c2f08464d9cdea62707e64a8e4f12893a
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/63320
Auto-Submit: James Price <jrprice@google.com>
Commit-Queue: Ben Clayton <bclayton@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
We can just use the top-level EmitExpression() here.
Change-Id: I3ab346525b6d49f6a986abb5d89aa792171c1db3
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/63060
Auto-Submit: James Price <jrprice@google.com>
Commit-Queue: Ben Clayton <bclayton@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
Changes various fuzz targets so that the target back-end language (HLSL,
MSL, SPIR-V or WGSL) is no longer passed as a command line argument, but
instead baked into the fuzzer's binary. This avoids a problem whereby a
ClusterFuzz bug reproducer does not use the required back-end command
line argument.
Change-Id: I64402a23391ca0f24c9d1ffd2aa2f218cc7106b1
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/63163
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
Commit-Queue: Alastair Donaldson <afdx@google.com>
The clusterfuzz fuzzers are attempting to change the access control of a uniform variable, which produces a program that does not validate.
Create an error diagnostic tagged with diag::System::Transform, which the fuzzers recognise as being invalid configuration to the transform.
Fixed: chromium:1244999
Change-Id: I2d4f2dfd4f2218ac81172003872494acb027323b
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/63141
Auto-Submit: Ben Clayton <bclayton@google.com>
Commit-Queue: David Neto <dneto@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: David Neto <dneto@google.com>
If enabled, will build targets in the samples subfolder, which currently
only includes the "tint" executable.
Bug: tint:1140
Change-Id: I354d9b6e39ca2cd243649effedaebe3e0b97fc2f
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/63240
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
Commit-Queue: Antonio Maiorano <amaiorano@google.com>
Fixes:tint:1124
Change-Id: I6cab684423081889d27b266628089c55918e1f9f
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/62320
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: David Neto <dneto@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
SPIR-V supports them but WGSL does not.
Fixed: chromium:1230976
Change-Id: I27dbbf4a0f584bcff7355bf513bbd2b924dc349b
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/62922
Auto-Submit: David Neto <dneto@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: James Price <jrprice@google.com>
Commit-Queue: James Price <jrprice@google.com>
Never create semantic types on the stack.
Always use ProgramBuilder::create().
These stack pointers have a tendency of being stored, either by other
types as sub-types, or by maps (see associated bug).
Also, there's a lot of logic that assumes that semantic types are
de-duplicated, and that you can compare pointers. Creating new instances
on the stack will break this in exciting ways.
Fixed: chromium:1243944
Change-Id: I40a652f8c424030106adad2e6531287af13c8714
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/62943
Auto-Submit: Ben Clayton <bclayton@google.com>
Commit-Queue: David Neto <dneto@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: David Neto <dneto@google.com>
While looking ahead to determine if a token is an integer, check the
number of digits to make sure that it can actually fit in the internal
representation.
This is an optimization on the existing code, to cause an early exit
and prevent pathological cases with huge integers from consuming too
much processing time, when they will never succeed.
From a functional perspective this has not effect on whether or not a
token will be accepted as an integer, so almost all of the tests do no
need an update. The one exception is a case where the lexer now
catches the invalid integer earlier in the tokenization, so the error
message is a shorter.
This does not handle the equivalent problem for float literals, though
I believe that only exists for non-hex floats.
BUG=chromium:1240715
Change-Id: I27e43711d5f5eda1d54a4128ba514f810abd0313
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/62280
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Ben Clayton <bclayton@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
In https://dawn-review.googlesource.com/c/tint/+/62444 the Resolver validated that there are no parameters of the same function with the same name, but this also introduced validation that errors if parameters shadow a module-scope variable.
The WGSL spec allows for shadowing, but Tint so far has not implemented this support.
There are transforms that generate functions that presume parameter <-> module-scope variable shadowing is okay. DecomposeMemoryAccess is one of these.
This fixes those transforms which could generate programs that fail validation.
Bug: chromium:1242330
Fixed: tint:1136
Change-Id: Id6ec59bbdb398b3b2a23312115a7c1dadf433e98
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/62900
Reviewed-by: James Price <jrprice@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Ben Clayton <bclayton@google.com>
Polyfill this for HLSL using an atomic add with the operand negated.
Fixed: tint:1130
Change-Id: Ifa32d58973f1b48593ec0f6320f47f4358a5a3a9
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/62760
Auto-Submit: James Price <jrprice@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Ben Clayton <bclayton@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
Fuzzers that exercise the SPIR-V reader are being moved to OSS-Fuzz.
This change removes them from the Chromium build so that they cease to
be run by ClusterFuzz. The change also applies a small refactoring to
the fuzzer build rules, so that the tint_ast_clone fuzzer is specified
together with other fuzzers that require the WGSL reader and writer.
Bug: chromium:1243084
Change-Id: I4f5d12a679366634c7cad3e7ac18075bb046a8ba
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/62800
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
Commit-Queue: Alastair Donaldson <afdx@google.com>
For these tests, we only really care that we can successfully consume
them and generate valid output for each backend. Having the expected
files in the tree generates significant churn for any change to how we
generate backend code, which makes it hard to inspect diffs.
Change-Id: Ic98c248081144c0fb1791f1303eaf6d459548e3d
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/62720
Reviewed-by: Ben Clayton <bclayton@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: James Price <jrprice@google.com>
only picks 5 out of N.
Change-Id: I0e9d2e4bfa1050681dd88af918d040d42484f140
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/62442
Auto-Submit: Ben Clayton <bclayton@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Corentin Wallez <cwallez@chromium.org>
Commit-Queue: Ben Clayton <bclayton@google.com>
These operators are not defined in the metal namespace when the vector
operands are packed.
Fixed: tint:1121
Change-Id: I2e8f4302e08117ca41bac6c05fb24a70d1215740
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/62480
Kokoro: Kokoro <noreply+kokoro@google.com>
Auto-Submit: James Price <jrprice@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
MSL vectors with other widths already match WGSL's rules for alignment
and size.
Change-Id: I237052372463ea8323eab47c3b4ca90c6d8afcc3
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/62600
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
For the Is() overload that takes a predicate function, infer the cast target type from the single parameter of the predicate.
Removes noise.
Change-Id: Ie6248c776ca1f9d50808e03e9685056fd3819217
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/62441
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Antonio Maiorano <amaiorano@google.com>
Commit-Queue: Ben Clayton <bclayton@google.com>
Calls to functions and intrinsics that do not return a value must only be used by a call statement.
Fixed: chromium:1241460
Change-Id: I0f940c942b55a5212367dbf9e261083beb4560ec
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/62440
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: James Price <jrprice@google.com>
Commit-Queue: Ben Clayton <bclayton@google.com>
This is in the metal namespace, which we import fully.
Change-Id: I986cdebbe1897ad0b433bc0260480dd8839f93e0
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/62400
Auto-Submit: James Price <jrprice@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
Commit-Queue: James Price <jrprice@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
These are never valid. The WGSL parser cannot produce them, but the
SPIR-V reader can since these are not always caught by spirv-val.
Fixed: chromium:1239557
Change-Id: Ie19e4534ffb73b61beaa42046b18b2b8a3f7f65b
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/62020
Auto-Submit: James Price <jrprice@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Sarah Mashayekhi <sarahmashay@google.com>
Reviewed-by: Sarah Mashayekhi <sarahmashay@google.com>
The storage type of an assignment has to be constructible, which
prevents stores to atomic or runtime-sized array types.
Change-Id: Ie7bb703bb4c6953a4ddf0286f39d0d3e17b5b1d2
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/61801
Kokoro: Kokoro <noreply+kokoro@google.com>
Auto-Submit: James Price <jrprice@google.com>
Reviewed-by: Sarah Mashayekhi <sarahmashay@google.com>
The type of a type constructor must be constructible, which forbids
atomics. Add checks for non-constructible types when validating arrays
and structures, and then error on any type that isn't explicitly
matched in the outer function. Replaces the separate check for
pointers, which is no longer necessary.
This also removes the validation for "an expression must not evaluate
to an atomic type". The only test that we had for this is no longer
valid (since the type constructor it used is now rejected). There are
no other ways of hitting this particular error, since other validation
rules will always kick in first.
Change-Id: I2172b57ee4e8ee3066aaf0cedc4a26aaca642376
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/61800
Kokoro: Kokoro <noreply+kokoro@google.com>
Auto-Submit: James Price <jrprice@google.com>
Commit-Queue: Sarah Mashayekhi <sarahmashay@google.com>
Reviewed-by: Sarah Mashayekhi <sarahmashay@google.com>
Remap all resources into a flat namespace, to allow tests to pass when
multiple resources use the same binding number.
Fixed: tint:959
Change-Id: I58ed07c789e1ea90fc370ceba73b9d8292902549
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/61261
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: James Price <jrprice@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
James Price
Ben Clayton
David Neto
Sarah
Antonio Maiorano
Alastair Donaldson
Ryan Harrison