[tint][fuzz][ast] Add ArrayLengthFromUniform fuzzer
Bug: tint:2223
Change-Id: I35ebfec8230d5ae64efbdd27f4f7e47853fe4692
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/185104
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: James Price <jrprice@google.com>
diff --git a/src/tint/lang/wgsl/ast/transform/BUILD.cmake b/src/tint/lang/wgsl/ast/transform/BUILD.cmake
index 05dae10..13dc91b 100644
--- a/src/tint/lang/wgsl/ast/transform/BUILD.cmake
+++ b/src/tint/lang/wgsl/ast/transform/BUILD.cmake
@@ -250,10 +250,12 @@
tint_add_target(tint_lang_wgsl_ast_transform_fuzz fuzz
lang/wgsl/ast/transform/add_block_attribute_fuzz.cc
lang/wgsl/ast/transform/add_empty_entry_point_fuzz.cc
+ lang/wgsl/ast/transform/array_length_from_uniform_fuzz.cc
lang/wgsl/ast/transform/zero_init_workgroup_memory_fuzz.cc
)
tint_target_add_dependencies(tint_lang_wgsl_ast_transform_fuzz fuzz
+ tint_api_common
tint_lang_core
tint_lang_core_constant
tint_lang_core_type
diff --git a/src/tint/lang/wgsl/ast/transform/BUILD.gn b/src/tint/lang/wgsl/ast/transform/BUILD.gn
index 7b2d224..63bcb03 100644
--- a/src/tint/lang/wgsl/ast/transform/BUILD.gn
+++ b/src/tint/lang/wgsl/ast/transform/BUILD.gn
@@ -240,9 +240,11 @@
sources = [
"add_block_attribute_fuzz.cc",
"add_empty_entry_point_fuzz.cc",
+ "array_length_from_uniform_fuzz.cc",
"zero_init_workgroup_memory_fuzz.cc",
]
deps = [
+ "${tint_src_dir}/api/common",
"${tint_src_dir}/lang/core",
"${tint_src_dir}/lang/core/constant",
"${tint_src_dir}/lang/core/type",
diff --git a/src/tint/lang/wgsl/ast/transform/array_length_from_uniform.cc b/src/tint/lang/wgsl/ast/transform/array_length_from_uniform.cc
index 1cb8c08..636f8f3 100644
--- a/src/tint/lang/wgsl/ast/transform/array_length_from_uniform.cc
+++ b/src/tint/lang/wgsl/ast/transform/array_length_from_uniform.cc
@@ -90,7 +90,7 @@
/// @param program the source program
/// @param in the input transform data
/// @param out the output transform data
- explicit State(const Program& program, const DataMap& in, DataMap& out)
+ State(const Program& program, const DataMap& in, DataMap& out)
: src(program), outputs(out), cfg(in.Get<Config>()) {}
/// Runs the transform
@@ -333,6 +333,7 @@
return State{src, inputs, outputs}.Run();
}
+ArrayLengthFromUniform::Config::Config() = default;
ArrayLengthFromUniform::Config::Config(BindingPoint ubo_bp) : ubo_binding(ubo_bp) {}
ArrayLengthFromUniform::Config::Config(const Config&) = default;
ArrayLengthFromUniform::Config& ArrayLengthFromUniform::Config::operator=(const Config&) = default;
diff --git a/src/tint/lang/wgsl/ast/transform/array_length_from_uniform.h b/src/tint/lang/wgsl/ast/transform/array_length_from_uniform.h
index 12d05fb..ed3191e 100644
--- a/src/tint/lang/wgsl/ast/transform/array_length_from_uniform.h
+++ b/src/tint/lang/wgsl/ast/transform/array_length_from_uniform.h
@@ -33,6 +33,7 @@
#include "src/tint/api/common/binding_point.h"
#include "src/tint/lang/wgsl/ast/transform/transform.h"
+#include "src/tint/utils/reflection/reflection.h"
namespace tint::ast::transform {
@@ -70,6 +71,9 @@
/// Configuration options for the ArrayLengthFromUniform transform.
struct Config final : public Castable<Config, Data> {
/// Constructor
+ Config();
+
+ /// Constructor
/// @param ubo_bp the binding point to use for the generated uniform buffer.
explicit Config(BindingPoint ubo_bp);
@@ -88,6 +92,9 @@
/// The mapping from binding point to the index for the buffer size lookup.
std::unordered_map<BindingPoint, uint32_t> bindpoint_to_size_index;
+
+ /// Reflection for this class
+ TINT_REFLECT(Config, ubo_binding, bindpoint_to_size_index);
};
/// Information produced about what the transform did.
diff --git a/src/tint/lang/wgsl/ast/transform/array_length_from_uniform_fuzz.cc b/src/tint/lang/wgsl/ast/transform/array_length_from_uniform_fuzz.cc
new file mode 100644
index 0000000..525f57e
--- /dev/null
+++ b/src/tint/lang/wgsl/ast/transform/array_length_from_uniform_fuzz.cc
@@ -0,0 +1,83 @@
+// Copyright 2024 The Dawn & Tint Authors
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// 3. Neither the name of the copyright holder nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#include "src/tint/cmd/fuzz/wgsl/fuzz.h"
+#include "src/tint/lang/core/type/pointer.h"
+#include "src/tint/lang/wgsl/ast/let.h"
+#include "src/tint/lang/wgsl/ast/module.h"
+#include "src/tint/lang/wgsl/ast/transform/array_length_from_uniform.h"
+#include "src/tint/lang/wgsl/sem/variable.h"
+
+namespace tint::ast::transform {
+namespace {
+
+bool CanRun(const Program& program, const ArrayLengthFromUniform::Config& config) {
+ // The ArrayLengthFromUniform depends on SimplifyPointers, and cannot handle pointers to arrays
+ // via lets (directly or via struct pointers). Reject all shaders with pointer lets.
+ for (auto* node : program.ASTNodes().Objects()) {
+ if (auto* let = node->As<ast::Let>()) {
+ if (auto* sem = program.Sem().Get(let)) {
+ if (auto* ptr = sem->Type()->As<core::type::Pointer>()) {
+ return false;
+ }
+ }
+ }
+ }
+
+ for (auto& global : program.AST().GlobalVariables()) {
+ if (auto* sem = program.Sem().Get<sem::GlobalVariable>(global)) {
+ if (sem->Attributes().binding_point == config.ubo_binding) {
+ // Might cause binding point collision
+ return false;
+ }
+ }
+ }
+ return true;
+}
+
+void ArrayLengthFromUniformFuzzer(const Program& program,
+ const ArrayLengthFromUniform::Config& config) {
+ if (!CanRun(program, config)) {
+ return;
+ }
+
+ DataMap inputs;
+ inputs.Add<ArrayLengthFromUniform::Config>(std::move(config));
+
+ DataMap outputs;
+ if (auto result = ArrayLengthFromUniform{}.Apply(program, inputs, outputs)) {
+ if (!result->IsValid()) {
+ TINT_ICE() << "ArrayLengthFromUniform returned invalid program:\n"
+ << result->Diagnostics();
+ }
+ }
+}
+
+} // namespace
+} // namespace tint::ast::transform
+
+TINT_WGSL_PROGRAM_FUZZER(tint::ast::transform::ArrayLengthFromUniformFuzzer);
