[tint][fuzz][ir] Add BinaryPolyfill fuzzer
Bug: tint:2223
Change-Id: I2686cc64830c689ac0fa59b4f74e93f5cb629e42
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/185108
Commit-Queue: Ben Clayton <bclayton@google.com>
Reviewed-by: James Price <jrprice@google.com>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
diff --git a/src/tint/lang/core/ir/transform/BUILD.cmake b/src/tint/lang/core/ir/transform/BUILD.cmake
index 4dd00d4..81359eb 100644
--- a/src/tint/lang/core/ir/transform/BUILD.cmake
+++ b/src/tint/lang/core/ir/transform/BUILD.cmake
@@ -187,6 +187,7 @@
tint_add_target(tint_lang_core_ir_transform_fuzz fuzz
lang/core/ir/transform/add_empty_entry_point_fuzz.cc
lang/core/ir/transform/bgra8unorm_polyfill_fuzz.cc
+ lang/core/ir/transform/binary_polyfill_fuzz.cc
)
tint_target_add_dependencies(tint_lang_core_ir_transform_fuzz fuzz
diff --git a/src/tint/lang/core/ir/transform/BUILD.gn b/src/tint/lang/core/ir/transform/BUILD.gn
index ef915c8..030af25 100644
--- a/src/tint/lang/core/ir/transform/BUILD.gn
+++ b/src/tint/lang/core/ir/transform/BUILD.gn
@@ -180,6 +180,7 @@
sources = [
"add_empty_entry_point_fuzz.cc",
"bgra8unorm_polyfill_fuzz.cc",
+ "binary_polyfill_fuzz.cc",
]
deps = [
"${tint_src_dir}/cmd/fuzz/ir:fuzz",
diff --git a/src/tint/lang/core/ir/transform/binary_polyfill.h b/src/tint/lang/core/ir/transform/binary_polyfill.h
index 82fe8d5..1ff8efd 100644
--- a/src/tint/lang/core/ir/transform/binary_polyfill.h
+++ b/src/tint/lang/core/ir/transform/binary_polyfill.h
@@ -30,6 +30,7 @@
#include <string>
+#include "src/tint/utils/reflection/reflection.h"
#include "src/tint/utils/result/result.h"
// Forward declarations.
@@ -45,6 +46,9 @@
bool bitshift_modulo = false;
/// Should integer divide and modulo be polyfilled to avoid DBZ and integer overflow?
bool int_div_mod = false;
+
+ /// Reflection for this class
+ TINT_REFLECT(BinaryPolyfillConfig, bitshift_modulo, int_div_mod);
};
/// BinaryPolyfill is a transform that modifies binary instructions to prepare them for raising to
diff --git a/src/tint/lang/core/ir/transform/binary_polyfill_fuzz.cc b/src/tint/lang/core/ir/transform/binary_polyfill_fuzz.cc
new file mode 100644
index 0000000..13875ea
--- /dev/null
+++ b/src/tint/lang/core/ir/transform/binary_polyfill_fuzz.cc
@@ -0,0 +1,50 @@
+// Copyright 2024 The Dawn & Tint Authors
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// 3. Neither the name of the copyright holder nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#include "src/tint/lang/core/ir/transform/binary_polyfill.h"
+
+#include "src/tint/cmd/fuzz/ir/fuzz.h"
+#include "src/tint/lang/core/ir/validator.h"
+
+namespace tint::core::ir::transform {
+namespace {
+
+void BinaryPolyfillFuzzer(Module& module, BinaryPolyfillConfig config) {
+ if (auto res = BinaryPolyfill(module, config); res != Success) {
+ return;
+ }
+
+ Capabilities capabilities;
+ if (auto res = Validate(module, capabilities); res != Success) {
+ TINT_ICE() << "result of BinaryPolyfill failed IR validation\n" << res.Failure();
+ }
+}
+
+} // namespace
+} // namespace tint::core::ir::transform
+
+TINT_IR_MODULE_FUZZER(tint::core::ir::transform::BinaryPolyfillFuzzer);