Adding fuzzing for Transforms

Fuzz all transforms being applied together, and fuzz each transform
separately.

BUG=tint:436

Change-Id: I53cf2e05c69f495f27bfa428f55ec033a85a612a
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/36945
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: David Neto <dneto@google.com>
Reviewed-by: dan sinclair <dsinclair@chromium.org>
diff --git a/BUILD.gn b/BUILD.gn
index 57c77f3..cde7a6f 100644
--- a/BUILD.gn
+++ b/BUILD.gn
@@ -1344,6 +1344,42 @@
         ":tint_fuzzer_common",
       ]
     }
+
+    fuzzer_test("tint_all_transforms_fuzzer") {
+      sources = [ "fuzzers/tint_all_transforms_fuzzer.cc" ]
+      deps = [
+        ":libtint_spv_writer_src",
+        ":libtint_wgsl_reader_src",
+        ":tint_fuzzer_common",
+      ]
+    }
+
+    fuzzer_test("tint_bound_array_accessors_fuzzer") {
+      sources = [ "fuzzers/tint_bound_array_accessors_fuzzer.cc" ]
+      deps = [
+        ":libtint_spv_writer_src",
+        ":libtint_wgsl_reader_src",
+        ":tint_fuzzer_common",
+      ]
+    }
+
+    fuzzer_test("tint_emit_vertex_point_size_fuzzer") {
+      sources = [ "fuzzers/tint_emit_vertex_point_size_fuzzer.cc" ]
+      deps = [
+        ":libtint_spv_writer_src",
+        ":libtint_wgsl_reader_src",
+        ":tint_fuzzer_common",
+      ]
+    }
+
+    fuzzer_test("tint_first_index_offset_fuzzer") {
+      sources = [ "fuzzers/tint_first_index_offset_fuzzer.cc" ]
+      deps = [
+        ":libtint_spv_writer_src",
+        ":libtint_wgsl_reader_src",
+        ":tint_fuzzer_common",
+      ]
+    }
   }
 
   if (tint_build_wgsl_reader && tint_build_hlsl_writer) {
diff --git a/fuzzers/CMakeLists.txt b/fuzzers/CMakeLists.txt
index 27016d0..50b43a1 100644
--- a/fuzzers/CMakeLists.txt
+++ b/fuzzers/CMakeLists.txt
@@ -30,6 +30,10 @@
 endif()
 
 if ({$TINT_BUILD_WGSL_READER} AND ${TINT_BUILD_SPV_WRITER})
+  add_tint_fuzzer(tint_all_transforms_fuzzer)
+  add_tint_fuzzer(tint_bound_array_accessors_fuzzer)
+  add_tint_fuzzer(tint_emit_vertex_point_size_fuzzer)
+  add_tint_fuzzer(tint_first_index_offset_fuzzer)
   add_tint_fuzzer(tint_wgsl_reader_spv_writer_fuzzer)
 endif()
 
diff --git a/fuzzers/tint_all_transforms_fuzzer.cc b/fuzzers/tint_all_transforms_fuzzer.cc
new file mode 100644
index 0000000..0fb4f33
--- /dev/null
+++ b/fuzzers/tint_all_transforms_fuzzer.cc
@@ -0,0 +1,36 @@
+// Copyright 2021 The Tint Authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#include "fuzzers/tint_common_fuzzer.h"
+
+namespace tint {
+namespace fuzzers {
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+  tint::transform::Manager transform_manager;
+  transform_manager.append(
+      std::make_unique<tint::transform::BoundArrayAccessors>());
+  transform_manager.append(
+      std::make_unique<tint::transform::EmitVertexPointSize>());
+  transform_manager.append(
+      std::make_unique<tint::transform::FirstIndexOffset>(0, 0));
+
+  tint::fuzzers::CommonFuzzer fuzzer(InputFormat::kWGSL, OutputFormat::kSpv);
+  fuzzer.SetTransformManager(&transform_manager);
+
+  return fuzzer.Run(data, size);
+}
+
+}  // namespace fuzzers
+}  // namespace tint
diff --git a/fuzzers/tint_bound_array_accessors_fuzzer.cc b/fuzzers/tint_bound_array_accessors_fuzzer.cc
new file mode 100644
index 0000000..7bb09d1
--- /dev/null
+++ b/fuzzers/tint_bound_array_accessors_fuzzer.cc
@@ -0,0 +1,32 @@
+// Copyright 2021 The Tint Authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#include "fuzzers/tint_common_fuzzer.h"
+
+namespace tint {
+namespace fuzzers {
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+  tint::transform::Manager transform_manager;
+  transform_manager.append(
+      std::make_unique<tint::transform::BoundArrayAccessors>());
+
+  tint::fuzzers::CommonFuzzer fuzzer(InputFormat::kWGSL, OutputFormat::kSpv);
+  fuzzer.SetTransformManager(&transform_manager);
+
+  return fuzzer.Run(data, size);
+}
+
+}  // namespace fuzzers
+}  // namespace tint
diff --git a/fuzzers/tint_common_fuzzer.cc b/fuzzers/tint_common_fuzzer.cc
index 3cabcb1..a43ac9a 100644
--- a/fuzzers/tint_common_fuzzer.cc
+++ b/fuzzers/tint_common_fuzzer.cc
@@ -87,6 +87,15 @@
     return 0;
   }
 
+  if (transform_manager_) {
+    auto out = transform_manager_->Run(&mod);
+    if (out.diagnostics.contains_errors()) {
+      return 0;
+    }
+
+    mod = std::move(out.module);
+  }
+
   std::unique_ptr<tint::writer::Writer> writer;
 
   switch (output_) {
diff --git a/fuzzers/tint_common_fuzzer.h b/fuzzers/tint_common_fuzzer.h
index 79c9bb8..346132d 100644
--- a/fuzzers/tint_common_fuzzer.h
+++ b/fuzzers/tint_common_fuzzer.h
@@ -29,11 +29,14 @@
   explicit CommonFuzzer(InputFormat input, OutputFormat output);
   ~CommonFuzzer();
 
+  void SetTransformManager(transform::Manager* tm) { transform_manager_ = tm; }
+
   int Run(const uint8_t* data, size_t size);
 
  private:
   InputFormat input_;
   OutputFormat output_;
+  transform::Manager* transform_manager_;
 };
 
 }  // namespace fuzzers
diff --git a/fuzzers/tint_emit_vertex_point_size_fuzzer.cc b/fuzzers/tint_emit_vertex_point_size_fuzzer.cc
new file mode 100644
index 0000000..a2104c2
--- /dev/null
+++ b/fuzzers/tint_emit_vertex_point_size_fuzzer.cc
@@ -0,0 +1,32 @@
+// Copyright 2021 The Tint Authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#include "fuzzers/tint_common_fuzzer.h"
+
+namespace tint {
+namespace fuzzers {
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+  tint::transform::Manager transform_manager;
+  transform_manager.append(
+      std::make_unique<tint::transform::EmitVertexPointSize>());
+
+  tint::fuzzers::CommonFuzzer fuzzer(InputFormat::kWGSL, OutputFormat::kSpv);
+  fuzzer.SetTransformManager(&transform_manager);
+
+  return fuzzer.Run(data, size);
+}
+
+}  // namespace fuzzers
+}  // namespace tint
diff --git a/fuzzers/tint_first_index_offset_fuzzer.cc b/fuzzers/tint_first_index_offset_fuzzer.cc
new file mode 100644
index 0000000..eb7b74d
--- /dev/null
+++ b/fuzzers/tint_first_index_offset_fuzzer.cc
@@ -0,0 +1,32 @@
+// Copyright 2021 The Tint Authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#include "fuzzers/tint_common_fuzzer.h"
+
+namespace tint {
+namespace fuzzers {
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+  tint::transform::Manager transform_manager;
+  transform_manager.append(
+      std::make_unique<tint::transform::FirstIndexOffset>(0, 0));
+
+  tint::fuzzers::CommonFuzzer fuzzer(InputFormat::kWGSL, OutputFormat::kSpv);
+  fuzzer.SetTransformManager(&transform_manager);
+
+  return fuzzer.Run(data, size);
+}
+
+}  // namespace fuzzers
+}  // namespace tint