Adding fuzzing for Transforms
Fuzz all transforms being applied together, and fuzz each transform
separately.
BUG=tint:436
Change-Id: I53cf2e05c69f495f27bfa428f55ec033a85a612a
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/36945
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: David Neto <dneto@google.com>
Reviewed-by: dan sinclair <dsinclair@chromium.org>
diff --git a/BUILD.gn b/BUILD.gn
index 57c77f3..cde7a6f 100644
--- a/BUILD.gn
+++ b/BUILD.gn
@@ -1344,6 +1344,42 @@
":tint_fuzzer_common",
]
}
+
+ fuzzer_test("tint_all_transforms_fuzzer") {
+ sources = [ "fuzzers/tint_all_transforms_fuzzer.cc" ]
+ deps = [
+ ":libtint_spv_writer_src",
+ ":libtint_wgsl_reader_src",
+ ":tint_fuzzer_common",
+ ]
+ }
+
+ fuzzer_test("tint_bound_array_accessors_fuzzer") {
+ sources = [ "fuzzers/tint_bound_array_accessors_fuzzer.cc" ]
+ deps = [
+ ":libtint_spv_writer_src",
+ ":libtint_wgsl_reader_src",
+ ":tint_fuzzer_common",
+ ]
+ }
+
+ fuzzer_test("tint_emit_vertex_point_size_fuzzer") {
+ sources = [ "fuzzers/tint_emit_vertex_point_size_fuzzer.cc" ]
+ deps = [
+ ":libtint_spv_writer_src",
+ ":libtint_wgsl_reader_src",
+ ":tint_fuzzer_common",
+ ]
+ }
+
+ fuzzer_test("tint_first_index_offset_fuzzer") {
+ sources = [ "fuzzers/tint_first_index_offset_fuzzer.cc" ]
+ deps = [
+ ":libtint_spv_writer_src",
+ ":libtint_wgsl_reader_src",
+ ":tint_fuzzer_common",
+ ]
+ }
}
if (tint_build_wgsl_reader && tint_build_hlsl_writer) {
diff --git a/fuzzers/CMakeLists.txt b/fuzzers/CMakeLists.txt
index 27016d0..50b43a1 100644
--- a/fuzzers/CMakeLists.txt
+++ b/fuzzers/CMakeLists.txt
@@ -30,6 +30,10 @@
endif()
if ({$TINT_BUILD_WGSL_READER} AND ${TINT_BUILD_SPV_WRITER})
+ add_tint_fuzzer(tint_all_transforms_fuzzer)
+ add_tint_fuzzer(tint_bound_array_accessors_fuzzer)
+ add_tint_fuzzer(tint_emit_vertex_point_size_fuzzer)
+ add_tint_fuzzer(tint_first_index_offset_fuzzer)
add_tint_fuzzer(tint_wgsl_reader_spv_writer_fuzzer)
endif()
diff --git a/fuzzers/tint_all_transforms_fuzzer.cc b/fuzzers/tint_all_transforms_fuzzer.cc
new file mode 100644
index 0000000..0fb4f33
--- /dev/null
+++ b/fuzzers/tint_all_transforms_fuzzer.cc
@@ -0,0 +1,36 @@
+// Copyright 2021 The Tint Authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#include "fuzzers/tint_common_fuzzer.h"
+
+namespace tint {
+namespace fuzzers {
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ tint::transform::Manager transform_manager;
+ transform_manager.append(
+ std::make_unique<tint::transform::BoundArrayAccessors>());
+ transform_manager.append(
+ std::make_unique<tint::transform::EmitVertexPointSize>());
+ transform_manager.append(
+ std::make_unique<tint::transform::FirstIndexOffset>(0, 0));
+
+ tint::fuzzers::CommonFuzzer fuzzer(InputFormat::kWGSL, OutputFormat::kSpv);
+ fuzzer.SetTransformManager(&transform_manager);
+
+ return fuzzer.Run(data, size);
+}
+
+} // namespace fuzzers
+} // namespace tint
diff --git a/fuzzers/tint_bound_array_accessors_fuzzer.cc b/fuzzers/tint_bound_array_accessors_fuzzer.cc
new file mode 100644
index 0000000..7bb09d1
--- /dev/null
+++ b/fuzzers/tint_bound_array_accessors_fuzzer.cc
@@ -0,0 +1,32 @@
+// Copyright 2021 The Tint Authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#include "fuzzers/tint_common_fuzzer.h"
+
+namespace tint {
+namespace fuzzers {
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ tint::transform::Manager transform_manager;
+ transform_manager.append(
+ std::make_unique<tint::transform::BoundArrayAccessors>());
+
+ tint::fuzzers::CommonFuzzer fuzzer(InputFormat::kWGSL, OutputFormat::kSpv);
+ fuzzer.SetTransformManager(&transform_manager);
+
+ return fuzzer.Run(data, size);
+}
+
+} // namespace fuzzers
+} // namespace tint
diff --git a/fuzzers/tint_common_fuzzer.cc b/fuzzers/tint_common_fuzzer.cc
index 3cabcb1..a43ac9a 100644
--- a/fuzzers/tint_common_fuzzer.cc
+++ b/fuzzers/tint_common_fuzzer.cc
@@ -87,6 +87,15 @@
return 0;
}
+ if (transform_manager_) {
+ auto out = transform_manager_->Run(&mod);
+ if (out.diagnostics.contains_errors()) {
+ return 0;
+ }
+
+ mod = std::move(out.module);
+ }
+
std::unique_ptr<tint::writer::Writer> writer;
switch (output_) {
diff --git a/fuzzers/tint_common_fuzzer.h b/fuzzers/tint_common_fuzzer.h
index 79c9bb8..346132d 100644
--- a/fuzzers/tint_common_fuzzer.h
+++ b/fuzzers/tint_common_fuzzer.h
@@ -29,11 +29,14 @@
explicit CommonFuzzer(InputFormat input, OutputFormat output);
~CommonFuzzer();
+ void SetTransformManager(transform::Manager* tm) { transform_manager_ = tm; }
+
int Run(const uint8_t* data, size_t size);
private:
InputFormat input_;
OutputFormat output_;
+ transform::Manager* transform_manager_;
};
} // namespace fuzzers
diff --git a/fuzzers/tint_emit_vertex_point_size_fuzzer.cc b/fuzzers/tint_emit_vertex_point_size_fuzzer.cc
new file mode 100644
index 0000000..a2104c2
--- /dev/null
+++ b/fuzzers/tint_emit_vertex_point_size_fuzzer.cc
@@ -0,0 +1,32 @@
+// Copyright 2021 The Tint Authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#include "fuzzers/tint_common_fuzzer.h"
+
+namespace tint {
+namespace fuzzers {
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ tint::transform::Manager transform_manager;
+ transform_manager.append(
+ std::make_unique<tint::transform::EmitVertexPointSize>());
+
+ tint::fuzzers::CommonFuzzer fuzzer(InputFormat::kWGSL, OutputFormat::kSpv);
+ fuzzer.SetTransformManager(&transform_manager);
+
+ return fuzzer.Run(data, size);
+}
+
+} // namespace fuzzers
+} // namespace tint
diff --git a/fuzzers/tint_first_index_offset_fuzzer.cc b/fuzzers/tint_first_index_offset_fuzzer.cc
new file mode 100644
index 0000000..eb7b74d
--- /dev/null
+++ b/fuzzers/tint_first_index_offset_fuzzer.cc
@@ -0,0 +1,32 @@
+// Copyright 2021 The Tint Authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#include "fuzzers/tint_common_fuzzer.h"
+
+namespace tint {
+namespace fuzzers {
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ tint::transform::Manager transform_manager;
+ transform_manager.append(
+ std::make_unique<tint::transform::FirstIndexOffset>(0, 0));
+
+ tint::fuzzers::CommonFuzzer fuzzer(InputFormat::kWGSL, OutputFormat::kSpv);
+ fuzzer.SetTransformManager(&transform_manager);
+
+ return fuzzer.Run(data, size);
+}
+
+} // namespace fuzzers
+} // namespace tint