[tint][ir] Limit size of arrays being decoded from binary
Moves a couple of limits to a common utility location and has the IR
binary decode fail if these are violated. This helps reduces timeouts
when running the IR fuzzer.
Fixes: 374790907
Change-Id: Icd1ebbd022e9665abd3113e77026390e0785bf19
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/212014
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: dan sinclair <dsinclair@chromium.org>
Commit-Queue: dan sinclair <dsinclair@chromium.org>
diff --git a/src/tint/lang/core/ir/binary/BUILD.bazel b/src/tint/lang/core/ir/binary/BUILD.bazel
index 864c3d5..913d2e0 100644
--- a/src/tint/lang/core/ir/binary/BUILD.bazel
+++ b/src/tint/lang/core/ir/binary/BUILD.bazel
@@ -53,6 +53,7 @@
"//src/tint/lang/core/intrinsic",
"//src/tint/lang/core/ir",
"//src/tint/lang/core/type",
+ "//src/tint/utils/constants",
"//src/tint/utils/containers",
"//src/tint/utils/diagnostic",
"//src/tint/utils/ice",
diff --git a/src/tint/lang/core/ir/binary/BUILD.cmake b/src/tint/lang/core/ir/binary/BUILD.cmake
index d5bba70..84dbc2b 100644
--- a/src/tint/lang/core/ir/binary/BUILD.cmake
+++ b/src/tint/lang/core/ir/binary/BUILD.cmake
@@ -54,6 +54,7 @@
tint_lang_core_intrinsic
tint_lang_core_ir
tint_lang_core_type
+ tint_utils_constants
tint_utils_containers
tint_utils_diagnostic
tint_utils_ice
diff --git a/src/tint/lang/core/ir/binary/BUILD.gn b/src/tint/lang/core/ir/binary/BUILD.gn
index c708fa1..1374d32 100644
--- a/src/tint/lang/core/ir/binary/BUILD.gn
+++ b/src/tint/lang/core/ir/binary/BUILD.gn
@@ -58,6 +58,7 @@
"${tint_src_dir}/lang/core/intrinsic",
"${tint_src_dir}/lang/core/ir",
"${tint_src_dir}/lang/core/type",
+ "${tint_src_dir}/utils/constants",
"${tint_src_dir}/utils/containers",
"${tint_src_dir}/utils/diagnostic",
"${tint_src_dir}/utils/ice",
diff --git a/src/tint/lang/core/ir/binary/decode.cc b/src/tint/lang/core/ir/binary/decode.cc
index 8497775..c866f96 100644
--- a/src/tint/lang/core/ir/binary/decode.cc
+++ b/src/tint/lang/core/ir/binary/decode.cc
@@ -44,6 +44,7 @@
#include "src/tint/lang/core/type/sampled_texture.h"
#include "src/tint/lang/core/type/storage_texture.h"
#include "src/tint/lang/core/type/vector.h"
+#include "src/tint/utils/constants/internal_limits.h"
#include "src/tint/utils/containers/hashset.h"
#include "src/tint/utils/containers/transform.h"
#include "src/tint/utils/diagnostic/diagnostic.h"
@@ -832,6 +833,12 @@
Error() << "array element stride is smaller than the implicit stride";
return mod_out_.Types().invalid();
}
+ if (count >= internal_limits::kMaxArrayElementCount) {
+ Error() << "array count (" << count << ") must be less than "
+ << internal_limits::kMaxArrayElementCount;
+ return mod_out_.Types().invalid();
+ }
+
return count > 0 ? mod_out_.Types().array(element, count, stride)
: mod_out_.Types().runtime_array(element, stride);
}
@@ -1100,6 +1107,11 @@
Error() << "cannot create a splat of type " << type->FriendlyName();
return b.InvalidConstant()->Value();
}
+ if (DAWN_UNLIKELY(num_elements > internal_limits::kMaxArrayConstructorElements)) {
+ Error() << "array constructor has excessive number of elements (>"
+ << internal_limits::kMaxArrayConstructorElements << ")";
+ return b.InvalidConstant()->Value();
+ }
auto* value = ConstantValue(splat_in.elements());
for (uint32_t i = 0; i < num_elements; i++) {
auto* el_type = type->Element(i);
diff --git a/src/tint/lang/wgsl/resolver/BUILD.bazel b/src/tint/lang/wgsl/resolver/BUILD.bazel
index fcf6ced..810a07b 100644
--- a/src/tint/lang/wgsl/resolver/BUILD.bazel
+++ b/src/tint/lang/wgsl/resolver/BUILD.bazel
@@ -71,6 +71,7 @@
"//src/tint/lang/wgsl/intrinsic",
"//src/tint/lang/wgsl/program",
"//src/tint/lang/wgsl/sem",
+ "//src/tint/utils/constants",
"//src/tint/utils/containers",
"//src/tint/utils/diagnostic",
"//src/tint/utils/ice",
diff --git a/src/tint/lang/wgsl/resolver/BUILD.cmake b/src/tint/lang/wgsl/resolver/BUILD.cmake
index 80770f2..b994265 100644
--- a/src/tint/lang/wgsl/resolver/BUILD.cmake
+++ b/src/tint/lang/wgsl/resolver/BUILD.cmake
@@ -70,6 +70,7 @@
tint_lang_wgsl_intrinsic
tint_lang_wgsl_program
tint_lang_wgsl_sem
+ tint_utils_constants
tint_utils_containers
tint_utils_diagnostic
tint_utils_ice
diff --git a/src/tint/lang/wgsl/resolver/BUILD.gn b/src/tint/lang/wgsl/resolver/BUILD.gn
index e812502..b1711ef 100644
--- a/src/tint/lang/wgsl/resolver/BUILD.gn
+++ b/src/tint/lang/wgsl/resolver/BUILD.gn
@@ -76,6 +76,7 @@
"${tint_src_dir}/lang/wgsl/intrinsic",
"${tint_src_dir}/lang/wgsl/program",
"${tint_src_dir}/lang/wgsl/sem",
+ "${tint_src_dir}/utils/constants",
"${tint_src_dir}/utils/containers",
"${tint_src_dir}/utils/diagnostic",
"${tint_src_dir}/utils/ice",
diff --git a/src/tint/lang/wgsl/resolver/resolver.cc b/src/tint/lang/wgsl/resolver/resolver.cc
index 71397c2..268cfd2 100644
--- a/src/tint/lang/wgsl/resolver/resolver.cc
+++ b/src/tint/lang/wgsl/resolver/resolver.cc
@@ -105,6 +105,7 @@
#include "src/tint/lang/wgsl/sem/value_conversion.h"
#include "src/tint/lang/wgsl/sem/variable.h"
#include "src/tint/lang/wgsl/sem/while_statement.h"
+#include "src/tint/utils/constants/internal_limits.h"
#include "src/tint/utils/containers/reverse.h"
#include "src/tint/utils/containers/transform.h"
#include "src/tint/utils/containers/vector.h"
@@ -128,7 +129,6 @@
using CtorConvIntrinsic = wgsl::intrinsic::CtorConv;
using OverloadFlag = core::intrinsic::OverloadFlag;
-constexpr int64_t kMaxArrayElementCount = 65536;
constexpr uint32_t kMaxStatementDepth = 127;
constexpr size_t kMaxNestDepthOfCompositeType = 255;
@@ -4975,9 +4975,9 @@
}
auto count = arr->ConstantCount();
- if (count.has_value() && count.value() >= kMaxArrayElementCount) {
+ if (count.has_value() && count.value() >= internal_limits::kMaxArrayElementCount) {
AddError(usage) << "array count (" << count.value() << ") must be less than "
- << kMaxArrayElementCount;
+ << internal_limits::kMaxArrayElementCount;
return false;
}
}
diff --git a/src/tint/lang/wgsl/resolver/validator.cc b/src/tint/lang/wgsl/resolver/validator.cc
index e5bb5bb..156b004 100644
--- a/src/tint/lang/wgsl/resolver/validator.cc
+++ b/src/tint/lang/wgsl/resolver/validator.cc
@@ -83,6 +83,7 @@
#include "src/tint/lang/wgsl/sem/value_conversion.h"
#include "src/tint/lang/wgsl/sem/variable.h"
#include "src/tint/lang/wgsl/sem/while_statement.h"
+#include "src/tint/utils/constants/internal_limits.h"
#include "src/tint/utils/containers/map.h"
#include "src/tint/utils/containers/reverse.h"
#include "src/tint/utils/containers/transform.h"
@@ -99,7 +100,6 @@
namespace tint::resolver {
namespace {
-constexpr size_t kMaxArrayConstructorElements = 32767;
constexpr size_t kMaxFunctionParameters = 255;
constexpr size_t kMaxSwitchCaseSelectors = 16383;
constexpr size_t kMaxClipDistancesSize = 8;
@@ -2167,6 +2167,12 @@
bool Validator::ArrayConstructor(const ast::CallExpression* ctor,
const sem::Array* array_type) const {
auto& values = ctor->args;
+ if (values.Length() > internal_limits::kMaxArrayConstructorElements) {
+ AddError(ctor->target->source) << "array constructor has excessive number of elements (>"
+ << internal_limits::kMaxArrayConstructorElements << ")";
+ return false;
+ }
+
auto* elem_ty = array_type->ElemType();
for (auto* value : values) {
auto* value_ty = sem_.TypeOf(value)->UnwrapRef();
@@ -2206,11 +2212,6 @@
<< count << ", found " << values.Length();
return false;
}
- if (values.Length() > kMaxArrayConstructorElements) {
- AddError(ctor->target->source) << "array constructor has excessive number of elements (>"
- << kMaxArrayConstructorElements << ")";
- return false;
- }
return true;
}
diff --git a/src/tint/utils/BUILD.cmake b/src/tint/utils/BUILD.cmake
index 4b2c2df..48d98c7 100644
--- a/src/tint/utils/BUILD.cmake
+++ b/src/tint/utils/BUILD.cmake
@@ -37,6 +37,7 @@
include(utils/bytes/BUILD.cmake)
include(utils/cli/BUILD.cmake)
include(utils/command/BUILD.cmake)
+include(utils/constants/BUILD.cmake)
include(utils/containers/BUILD.cmake)
include(utils/debug/BUILD.cmake)
include(utils/diagnostic/BUILD.cmake)
diff --git a/src/tint/utils/constants/BUILD.bazel b/src/tint/utils/constants/BUILD.bazel
new file mode 100644
index 0000000..b375ee0
--- /dev/null
+++ b/src/tint/utils/constants/BUILD.bazel
@@ -0,0 +1,52 @@
+# Copyright 2024 The Dawn & Tint Authors
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#
+# 1. Redistributions of source code must retain the above copyright notice, this
+# list of conditions and the following disclaimer.
+#
+# 2. Redistributions in binary form must reproduce the above copyright notice,
+# this list of conditions and the following disclaimer in the documentation
+# and/or other materials provided with the distribution.
+#
+# 3. Neither the name of the copyright holder nor the names of its
+# contributors may be used to endorse or promote products derived from
+# this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+################################################################################
+# File generated by 'tools/src/cmd/gen' using the template:
+# tools/src/cmd/gen/build/BUILD.bazel.tmpl
+#
+# To regenerate run: './tools/run gen'
+#
+# Do not modify this file directly
+################################################################################
+
+load("//src/tint:flags.bzl", "COPTS")
+load("@bazel_skylib//lib:selects.bzl", "selects")
+cc_library(
+ name = "constants",
+ srcs = [
+ "internal_limits.cc",
+ ],
+ hdrs = [
+ "internal_limits.h",
+ ],
+ deps = [
+ ],
+ copts = COPTS,
+ visibility = ["//visibility:public"],
+)
+
diff --git a/src/tint/utils/constants/BUILD.cmake b/src/tint/utils/constants/BUILD.cmake
new file mode 100644
index 0000000..f7b2c5f
--- /dev/null
+++ b/src/tint/utils/constants/BUILD.cmake
@@ -0,0 +1,44 @@
+# Copyright 2024 The Dawn & Tint Authors
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#
+# 1. Redistributions of source code must retain the above copyright notice, this
+# list of conditions and the following disclaimer.
+#
+# 2. Redistributions in binary form must reproduce the above copyright notice,
+# this list of conditions and the following disclaimer in the documentation
+# and/or other materials provided with the distribution.
+#
+# 3. Neither the name of the copyright holder nor the names of its
+# contributors may be used to endorse or promote products derived from
+# this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+################################################################################
+# File generated by 'tools/src/cmd/gen' using the template:
+# tools/src/cmd/gen/build/BUILD.cmake.tmpl
+#
+# To regenerate run: './tools/run gen'
+#
+# Do not modify this file directly
+################################################################################
+
+################################################################################
+# Target: tint_utils_constants
+# Kind: lib
+################################################################################
+tint_add_target(tint_utils_constants lib
+ utils/constants/internal_limits.cc
+ utils/constants/internal_limits.h
+)
diff --git a/src/tint/utils/constants/BUILD.gn b/src/tint/utils/constants/BUILD.gn
new file mode 100644
index 0000000..68d47bd
--- /dev/null
+++ b/src/tint/utils/constants/BUILD.gn
@@ -0,0 +1,48 @@
+# Copyright 2024 The Dawn & Tint Authors
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#
+# 1. Redistributions of source code must retain the above copyright notice, this
+# list of conditions and the following disclaimer.
+#
+# 2. Redistributions in binary form must reproduce the above copyright notice,
+# this list of conditions and the following disclaimer in the documentation
+# and/or other materials provided with the distribution.
+#
+# 3. Neither the name of the copyright holder nor the names of its
+# contributors may be used to endorse or promote products derived from
+# this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+################################################################################
+# File generated by 'tools/src/cmd/gen' using the template:
+# tools/src/cmd/gen/build/BUILD.gn.tmpl
+#
+# To regenerate run: './tools/run gen'
+#
+# Do not modify this file directly
+################################################################################
+
+import("../../../../scripts/dawn_overrides_with_defaults.gni")
+import("../../../../scripts/tint_overrides_with_defaults.gni")
+
+import("${tint_src_dir}/tint.gni")
+
+libtint_source_set("constants") {
+ sources = [
+ "internal_limits.cc",
+ "internal_limits.h",
+ ]
+ deps = []
+}
diff --git a/src/tint/utils/constants/internal_limits.cc b/src/tint/utils/constants/internal_limits.cc
new file mode 100644
index 0000000..4f3c911
--- /dev/null
+++ b/src/tint/utils/constants/internal_limits.cc
@@ -0,0 +1,35 @@
+// Copyright 2024 The Dawn & Tint Authors
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// 3. Neither the name of the copyright holder nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#include "src/tint/utils/constants/internal_limits.h"
+
+#if defined(__clang__)
+#pragma clang diagnostic ignored "-Wmissing-variable-declarations"
+#endif
+
+// A placeholder symbol used to emit a symbol for this lib target.
+int tint_utils_constants_internal_limits_symbol = 1;
diff --git a/src/tint/utils/constants/internal_limits.h b/src/tint/utils/constants/internal_limits.h
new file mode 100644
index 0000000..fab1aee
--- /dev/null
+++ b/src/tint/utils/constants/internal_limits.h
@@ -0,0 +1,49 @@
+// Copyright 2024 The Dawn & Tint Authors
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// 3. Neither the name of the copyright holder nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#ifndef SRC_TINT_UTILS_CONSTANTS_INTERNAL_LIMITS_H_
+#define SRC_TINT_UTILS_CONSTANTS_INTERNAL_LIMITS_H_
+
+#include <cstddef>
+#include <cstdint>
+
+// Contains constants for internal limits used within Tint. These limits are not specified in the
+// WGSL spec, but are practical heuristics to limit certain operations that are known to cause
+// memory or runtime issues, i.e. creation of arrays with 100k elements that cause IR binary
+// decoding to take pathologically long times to run.
+
+namespace tint::internal_limits {
+
+// Limits the number of elements appearing in the constructor for an array
+constexpr size_t kMaxArrayConstructorElements = 32767;
+
+// Limits the number of elements in an array type
+constexpr int64_t kMaxArrayElementCount = 65536;
+
+} // namespace tint::internal_limits
+
+#endif // SRC_TINT_UTILS_CONSTANTS_INTERNAL_LIMITS_H_
