blob: 3561eda08e699685e4d0b8e3028c3810d8ff4547 [file] [log] [blame]
// Copyright 2024 The Dawn & Tint Authors
//
// Redistribution and use in source and binary forms, with or without
// modification, are permitted provided that the following conditions are met:
//
// 1. Redistributions of source code must retain the above copyright notice, this
// list of conditions and the following disclaimer.
//
// 2. Redistributions in binary form must reproduce the above copyright notice,
// this list of conditions and the following disclaimer in the documentation
// and/or other materials provided with the distribution.
//
// 3. Neither the name of the copyright holder nor the names of its
// contributors may be used to endorse or promote products derived from
// this software without specific prior written permission.
//
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#include "src/tint/cmd/fuzz/ir/fuzz.h"
#include "src/tint/lang/core/ir/module.h"
#include "src/tint/lang/core/ir/validator.h"
#include "src/tint/utils/result/result.h"
#if TINT_BUILD_IR_BINARY
#include "src/tint/lang/core/ir/binary/decode.h"
#include "src/tint/utils/cli/cli.h"
#include "src/tint/utils/containers/vector.h"
#include "src/tint/utils/macros/defer.h"
TINT_BEGIN_DISABLE_PROTOBUF_WARNINGS();
#include "src/libfuzzer/libfuzzer_macro.h"
#include "src/tint/cmd/fuzz/ir/fuzz.pb.h"
#include "testing/libfuzzer/proto/lpm_interface.h"
TINT_END_DISABLE_PROTOBUF_WARNINGS();
namespace {
tint::fuzz::ir::Options options;
}
DEFINE_BINARY_PROTO_FUZZER(const tint::cmd::fuzz::ir::pb::Root& pb) {
/// As the fuzzers are free to mutate the module, we need to deserialize a few module for each
/// sub-fuzzer. Because the protobuf may error when deserializing and the module may be invalid,
/// we early deserialize and validate the first module. If this fails, then we do not call
/// Run().
std::optional<tint::core::ir::Module> module;
{
auto decoded = tint::core::ir::binary::Decode(pb.module());
if (decoded != tint::Success) {
return; // Failed to decode
}
tint::core::ir::Capabilities caps;
if (tint::core::ir::Validate(decoded.Get(), caps) != tint::Success) {
return; // Failed to validate
}
module = std::move(decoded.Move());
}
auto acquire_module = [&] {
if (!module) {
auto decoded = tint::core::ir::binary::Decode(pb.module());
if (decoded != tint::Success) {
TINT_ICE() << "module successfully decoded once, then failed a subsequent time\n"
<< decoded.Failure().reason;
}
module = std::move(decoded.Move());
}
auto out = std::move(module.value());
module.reset();
return out;
};
tint::Slice<const std::byte> data(reinterpret_cast<const std::byte*>(pb.data().data()),
pb.data().length());
tint::fuzz::ir::Run(acquire_module, options, data);
}
extern "C" int LLVMFuzzerInitialize(int* argc, char*** argv) {
tint::cli::OptionSet opts;
tint::Vector<std::string_view, 8> arguments;
for (int i = 1; i < *argc; i++) {
std::string_view arg((*argv)[i]);
if (!arg.empty()) {
arguments.Push(arg);
}
}
auto show_help = [&] {
std::cerr << "Custom fuzzer options:" << '\n';
opts.ShowHelp(std::cerr);
std::cerr << '\n';
// Change args to show libfuzzer help
std::cerr << "Standard libfuzzer "; // libfuzzer will print 'Usage:'
static char help[] = "-help=1";
*argc = 2;
(*argv)[1] = help;
};
auto& opt_help = opts.Add<tint::cli::BoolOption>("help", "shows the usage");
auto& opt_filter = opts.Add<tint::cli::StringOption>(
"filter", "runs only the fuzzers with the given substring");
auto& opt_concurrent =
opts.Add<tint::cli::BoolOption>("concurrent", "runs the fuzzers concurrently");
auto& opt_verbose =
opts.Add<tint::cli::BoolOption>("verbose", "prints the name of each fuzzer before running");
tint::cli::ParseOptions parse_opts;
parse_opts.ignore_unknown = true;
if (auto res = opts.Parse(arguments, parse_opts); res != tint::Success) {
show_help();
std::cerr << res.Failure();
return 0;
}
if (opt_help.value.value_or(false)) {
show_help();
return 0;
}
options.filter = opt_filter.value.value_or("");
options.run_concurrently = opt_concurrent.value.value_or(false);
options.verbose = opt_verbose.value.value_or(false);
return 0;
}
#endif