[tint] Add a SingleEntryPoint fuzzer
This transform is not run as part of the backends, so make sure we
have dedicated fuzzing coverage for it.
Make the "entry point not found" error a soft error rather than an
ICE, so that it doesn't cause a fuzzer failure.
Change-Id: Id557895e83138b43b47797c8d623013027550173
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/244159
Commit-Queue: dan sinclair <dsinclair@chromium.org>
Reviewed-by: dan sinclair <dsinclair@chromium.org>
Commit-Queue: James Price <jrprice@google.com>
Auto-Submit: James Price <jrprice@google.com>
diff --git a/src/tint/lang/core/ir/transform/BUILD.cmake b/src/tint/lang/core/ir/transform/BUILD.cmake
index f9275382..de4583d 100644
--- a/src/tint/lang/core/ir/transform/BUILD.cmake
+++ b/src/tint/lang/core/ir/transform/BUILD.cmake
@@ -202,6 +202,7 @@
lang/core/ir/transform/remove_terminator_args_fuzz.cc
lang/core/ir/transform/rename_conflicts_fuzz.cc
lang/core/ir/transform/robustness_fuzz.cc
+ lang/core/ir/transform/single_entry_point_fuzz.cc
lang/core/ir/transform/std140_fuzz.cc
lang/core/ir/transform/substitute_overrides_fuzz.cc
lang/core/ir/transform/value_to_let_fuzz.cc
diff --git a/src/tint/lang/core/ir/transform/BUILD.gn b/src/tint/lang/core/ir/transform/BUILD.gn
index 07d63bd..3e4098f 100644
--- a/src/tint/lang/core/ir/transform/BUILD.gn
+++ b/src/tint/lang/core/ir/transform/BUILD.gn
@@ -197,6 +197,7 @@
"remove_terminator_args_fuzz.cc",
"rename_conflicts_fuzz.cc",
"robustness_fuzz.cc",
+ "single_entry_point_fuzz.cc",
"std140_fuzz.cc",
"substitute_overrides_fuzz.cc",
"value_to_let_fuzz.cc",
diff --git a/src/tint/lang/core/ir/transform/single_entry_point.cc b/src/tint/lang/core/ir/transform/single_entry_point.cc
index 040f2a00..29e6e03 100644
--- a/src/tint/lang/core/ir/transform/single_entry_point.cc
+++ b/src/tint/lang/core/ir/transform/single_entry_point.cc
@@ -38,7 +38,7 @@
namespace {
-void Run(ir::Module& ir, std::string_view entry_point_name) {
+Result<SuccessType> Run(ir::Module& ir, std::string_view entry_point_name) {
// Find the entry point.
ir::Function* entry_point = nullptr;
for (auto& func : ir.functions) {
@@ -53,7 +53,9 @@
}
}
if (!entry_point) {
- TINT_ICE() << "entry point '" << entry_point_name << "' not found";
+ StringStream err;
+ err << "entry point '" << entry_point_name << "' not found";
+ return Failure{err.str()};
}
// Remove unused functions.
@@ -90,23 +92,20 @@
}
inst = prev;
}
+
+ return Success;
}
} // namespace
Result<SuccessType> SingleEntryPoint(Module& ir, std::string_view entry_point_name) {
- auto result = ValidateAndDumpIfNeeded(ir, "core.SingleEntryPoint",
- Capabilities{
- Capability::kAllowMultipleEntryPoints,
- Capability::kAllowOverrides,
- });
+ auto result =
+ ValidateAndDumpIfNeeded(ir, "core.SingleEntryPoint", kSingleEntryPointCapabilities);
if (result != Success) {
return result.Failure();
}
- Run(ir, entry_point_name);
-
- return Success;
+ return Run(ir, entry_point_name);
}
} // namespace tint::core::ir::transform
diff --git a/src/tint/lang/core/ir/transform/single_entry_point.h b/src/tint/lang/core/ir/transform/single_entry_point.h
index 6869afa..7369eba 100644
--- a/src/tint/lang/core/ir/transform/single_entry_point.h
+++ b/src/tint/lang/core/ir/transform/single_entry_point.h
@@ -28,6 +28,7 @@
#ifndef SRC_TINT_LANG_CORE_IR_TRANSFORM_SINGLE_ENTRY_POINT_H_
#define SRC_TINT_LANG_CORE_IR_TRANSFORM_SINGLE_ENTRY_POINT_H_
+#include "src/tint/lang/core/ir/validator.h"
#include "src/tint/utils/result.h"
// Forward declarations.
@@ -37,6 +38,12 @@
namespace tint::core::ir::transform {
+/// The capabilities that the transform can support.
+const Capabilities kSingleEntryPointCapabilities{
+ Capability::kAllowMultipleEntryPoints,
+ Capability::kAllowOverrides,
+};
+
/// Strip a module down to a single entry point, removing any unused functions and module-scope
/// declarations.
/// @param module the module to transform
diff --git a/src/tint/lang/core/ir/transform/single_entry_point_fuzz.cc b/src/tint/lang/core/ir/transform/single_entry_point_fuzz.cc
new file mode 100644
index 0000000..1dc8a0f
--- /dev/null
+++ b/src/tint/lang/core/ir/transform/single_entry_point_fuzz.cc
@@ -0,0 +1,46 @@
+// Copyright 2025 The Dawn & Tint Authors
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// 3. Neither the name of the copyright holder nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#include "src/tint/lang/core/ir/transform/single_entry_point.h"
+
+#include "src/tint/cmd/fuzz/ir/fuzz.h"
+#include "src/tint/lang/core/ir/validator.h"
+
+namespace tint::core::ir::transform {
+namespace {
+
+Result<SuccessType> SingleEntryPointFuzzer(Module& module,
+ const fuzz::ir::Context&,
+ std::string name) {
+ return SingleEntryPoint(module, name);
+}
+
+} // namespace
+} // namespace tint::core::ir::transform
+
+TINT_IR_MODULE_FUZZER(tint::core::ir::transform::SingleEntryPointFuzzer,
+ tint::core::ir::transform::kSingleEntryPointCapabilities);
diff --git a/src/tint/lang/core/ir/transform/single_entry_point_test.cc b/src/tint/lang/core/ir/transform/single_entry_point_test.cc
index d376bb2..9636a83 100644
--- a/src/tint/lang/core/ir/transform/single_entry_point_test.cc
+++ b/src/tint/lang/core/ir/transform/single_entry_point_test.cc
@@ -84,7 +84,6 @@
return var->Result();
}
};
-using IR_SingleEntryPointDeathTest = IR_SingleEntryPointTest;
TEST_F(IR_SingleEntryPointTest, EntryPointNotFound) {
EntryPoint("main");
@@ -99,7 +98,9 @@
EXPECT_EQ(src, str());
- EXPECT_DEATH_IF_SUPPORTED({ Run(SingleEntryPoint, "foo"); }, "internal compiler error");
+ auto result = SingleEntryPoint(mod, "foo");
+ ASSERT_TRUE(result != Success);
+ EXPECT_EQ(result.Failure().reason, "entry point 'foo' not found");
}
TEST_F(IR_SingleEntryPointTest, NoChangesNeeded) {
