Add fuzzing for transform::BindingRemapper
BUG=tint:722
Change-Id: I742f1e536ef0429c2e7b8c9ea6c13b836a2ec0c2
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/49360
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
Commit-Queue: Ben Clayton <bclayton@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
diff --git a/fuzzers/BUILD.gn b/fuzzers/BUILD.gn
index cb5646d..3c11d29 100644
--- a/fuzzers/BUILD.gn
+++ b/fuzzers/BUILD.gn
@@ -66,6 +66,11 @@
deps = [ ":tint_fuzzer_common" ]
}
+ fuzzer_test("tint_binding_remapper_fuzzer") {
+ sources = [ "tint_binding_remapper_fuzzer.cc" ]
+ deps = [ ":tint_fuzzer_common" ]
+ }
+
fuzzer_test("tint_bound_array_accessors_fuzzer") {
sources = [ "tint_bound_array_accessors_fuzzer.cc" ]
deps = [ ":tint_fuzzer_common" ]
@@ -156,6 +161,7 @@
if (tint_build_wgsl_reader && tint_build_spv_writer) {
deps += [
":tint_all_transforms_fuzzer",
+ ":tint_binding_remapper_fuzzer",
":tint_bound_array_accessors_fuzzer",
":tint_emit_vertex_point_size_fuzzer",
":tint_first_index_offset_fuzzer",
diff --git a/fuzzers/CMakeLists.txt b/fuzzers/CMakeLists.txt
index 522a12e..d4d0fac 100644
--- a/fuzzers/CMakeLists.txt
+++ b/fuzzers/CMakeLists.txt
@@ -31,6 +31,7 @@
if (${TINT_BUILD_WGSL_READER} AND ${TINT_BUILD_SPV_WRITER})
add_tint_fuzzer(tint_all_transforms_fuzzer)
+ add_tint_fuzzer(tint_binding_remapper_fuzzer)
add_tint_fuzzer(tint_bound_array_accessors_fuzzer)
add_tint_fuzzer(tint_emit_vertex_point_size_fuzzer)
add_tint_fuzzer(tint_first_index_offset_fuzzer)
diff --git a/fuzzers/tint_all_transforms_fuzzer.cc b/fuzzers/tint_all_transforms_fuzzer.cc
index 7b76ab4..f740024 100644
--- a/fuzzers/tint_all_transforms_fuzzer.cc
+++ b/fuzzers/tint_all_transforms_fuzzer.cc
@@ -18,25 +18,22 @@
namespace fuzzers {
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
- struct Config {
- uint32_t group;
- uint32_t binding;
- };
- if (size < sizeof(Config)) {
- return 0;
- }
- auto* config = reinterpret_cast<const Config*>(data);
- data += sizeof(Config);
- size -= sizeof(Config);
tint::transform::Manager transform_manager;
tint::transform::DataMap transform_inputs;
- transform_inputs.Add<tint::transform::FirstIndexOffset::BindingPoint>(
- config->binding, config->group);
+ if (!ExtractFirstIndexOffsetInputs(&data, &size, &transform_inputs)) {
+ return 0;
+ }
+
+ if (!ExtractBindingRemapperInputs(&data, &size, &transform_inputs)) {
+ return 0;
+ }
+
transform_manager.Add<tint::transform::BoundArrayAccessors>();
transform_manager.Add<tint::transform::EmitVertexPointSize>();
transform_manager.Add<tint::transform::FirstIndexOffset>();
+ transform_manager.Add<tint::transform::BindingRemapper>();
tint::fuzzers::CommonFuzzer fuzzer(InputFormat::kWGSL, OutputFormat::kSpv);
fuzzer.SetTransformManager(&transform_manager, std::move(transform_inputs));
diff --git a/fuzzers/tint_binding_remapper_fuzzer.cc b/fuzzers/tint_binding_remapper_fuzzer.cc
new file mode 100644
index 0000000..492174d
--- /dev/null
+++ b/fuzzers/tint_binding_remapper_fuzzer.cc
@@ -0,0 +1,37 @@
+// Copyright 2021 The Tint Authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#include "fuzzers/tint_common_fuzzer.h"
+
+namespace tint {
+namespace fuzzers {
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ transform::Manager transform_manager;
+ transform::DataMap transform_inputs;
+
+ if (!ExtractBindingRemapperInputs(&data, &size, &transform_inputs)) {
+ return 0;
+ }
+
+ transform_manager.Add<tint::transform::BindingRemapper>();
+
+ fuzzers::CommonFuzzer fuzzer(InputFormat::kWGSL, OutputFormat::kSpv);
+ fuzzer.SetTransformManager(&transform_manager, std::move(transform_inputs));
+
+ return fuzzer.Run(data, size);
+}
+
+} // namespace fuzzers
+} // namespace tint
diff --git a/fuzzers/tint_common_fuzzer.cc b/fuzzers/tint_common_fuzzer.cc
index bf2f02c..94680f4 100644
--- a/fuzzers/tint_common_fuzzer.cc
+++ b/fuzzers/tint_common_fuzzer.cc
@@ -33,6 +33,74 @@
__builtin_trap();
}
+bool ExtractBindingRemapperInputs(const uint8_t** data,
+ size_t* size,
+ tint::transform::DataMap* inputs) {
+ if ((*size) < sizeof(uint8_t)) {
+ return false;
+ }
+
+ auto count = *reinterpret_cast<const uint8_t*>(*data);
+ (*data) += sizeof(uint8_t);
+ (*size) -= sizeof(uint8_t);
+
+ struct Config {
+ uint32_t old_group;
+ uint32_t old_binding;
+ uint32_t new_group;
+ uint32_t new_binding;
+ ast::AccessControl::Access new_ac;
+ };
+
+ if ((*size) < count * sizeof(Config)) {
+ return false;
+ }
+
+ std::vector<Config> configs(count);
+
+ memcpy(configs.data(), *data, count * sizeof(Config));
+
+ (*data) += count * sizeof(Config);
+ (*size) -= count * sizeof(Config);
+
+ transform::BindingRemapper::BindingPoints binding_points;
+ transform::BindingRemapper::AccessControls access_controls;
+ for (const auto& config : configs) {
+ binding_points[{config.old_binding, config.old_group}] = {
+ config.new_binding, config.new_group};
+ access_controls[{config.old_binding, config.old_group}] = config.new_ac;
+ }
+
+ inputs->Add<transform::BindingRemapper::Remappings>(binding_points,
+ access_controls);
+
+ return true;
+}
+
+bool ExtractFirstIndexOffsetInputs(const uint8_t** data,
+ size_t* size,
+ tint::transform::DataMap* inputs) {
+ struct Config {
+ uint32_t group;
+ uint32_t binding;
+ };
+
+ if ((*size) < sizeof(Config)) {
+ return false;
+ }
+
+ Config config;
+ memcpy(&config, data, sizeof(config));
+
+ (*data) += sizeof(Config);
+ (*size) -= sizeof(Config);
+
+ inputs->Add<tint::transform::FirstIndexOffset::BindingPoint>(config.binding,
+ config.group);
+
+ return true;
+}
+
CommonFuzzer::CommonFuzzer(InputFormat input, OutputFormat output)
: input_(input),
output_(output),
diff --git a/fuzzers/tint_common_fuzzer.h b/fuzzers/tint_common_fuzzer.h
index 69a0ab6..c5454ac 100644
--- a/fuzzers/tint_common_fuzzer.h
+++ b/fuzzers/tint_common_fuzzer.h
@@ -22,6 +22,13 @@
namespace tint {
namespace fuzzers {
+bool ExtractBindingRemapperInputs(const uint8_t** data,
+ size_t* size,
+ tint::transform::DataMap* inputs);
+bool ExtractFirstIndexOffsetInputs(const uint8_t** data,
+ size_t* size,
+ tint::transform::DataMap* inputs);
+
enum class InputFormat { kWGSL, kSpv, kNone };
enum class OutputFormat { kWGSL, kSpv, kHLSL, kMSL, kNone };
diff --git a/fuzzers/tint_first_index_offset_fuzzer.cc b/fuzzers/tint_first_index_offset_fuzzer.cc
index d521063..8f441f1 100644
--- a/fuzzers/tint_first_index_offset_fuzzer.cc
+++ b/fuzzers/tint_first_index_offset_fuzzer.cc
@@ -18,21 +18,13 @@
namespace fuzzers {
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
- struct Config {
- uint32_t group;
- uint32_t binding;
- };
- if (size < sizeof(Config)) {
- return 0;
- }
- auto* config = reinterpret_cast<const Config*>(data);
- data += sizeof(Config);
- size -= sizeof(Config);
-
tint::transform::Manager transform_manager;
tint::transform::DataMap transform_inputs;
- transform_inputs.Add<tint::transform::FirstIndexOffset::BindingPoint>(
- config->binding, config->group);
+
+ if (!ExtractFirstIndexOffsetInputs(&data, &size, &transform_inputs)) {
+ return 0;
+ }
+
transform_manager.Add<tint::transform::FirstIndexOffset>();
tint::fuzzers::CommonFuzzer fuzzer(InputFormat::kWGSL, OutputFormat::kSpv);
