New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 819435 link

Starred by 1 user
Status: Fixed
Owner:
riajiang@chromium.org
Closed: Apr 2018
Cc:
kenrb@chromium.org
rjkroege@chromium.org
sadrul@chromium.org
gklassen@chromium.org
wfh@chromium.org
creis@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Android , Windows , Chrome , Mac
Pri: 2
Type: Bug

Blocking:
issue 804888



Sign in to add a comment

Add fuzzing for HitTestManager

Project Member Reported by riajiang@chromium.org, Mar 7 2018 
We should add a fuzzer for HitTestManager before we start doing a finch-trial for viz-hittesting.
Project Member

Comment 1 by bugdroid1@chromium.org, Mar 16 2018 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/57c26837a9a7ab1a0d6fec90192a0d68d98a7b95

commit 57c26837a9a7ab1a0d6fec90192a0d68d98a7b95
Author: Ria Jiang <riajiang@chromium.org>
Date: Fri Mar 16 19:21:52 2018

Use the latest LocalSurfaceId at aggregation time and prevent cycles in HTA.

1. Clients used to submit local_surface_id in hit-test data; however, this can be
racy because we have primary_surface_id and fallback_surface_id and we can use
any of the latest one in that range. Change it to not using local_surface_id
submitted from clients, but instead asking SurfaceAggregator at HitTestAggregator
::Aggregator() time for the latest local_surface_id to use - this is done by
adding LatestLocalSurfaceIdLookupDelegate in surfaces to talk to viz::Display,
where we have access to the surfaces SurfaceAggregator used at aggregation time.
Add FrameSinkIdMap in SurfaceAggregator to keep track of previously contained
frame sinks.

2. Keep track of the list of child regions we've aggregated so far in
HitTestAggregator to prevent cycles.

3. When preparing hit-test data, skip the quad if its FrameSinkId has changed
between fallback and primary because we don't know which FrameSinkId would be used
to draw this quad.

4. Add viz::TestLatestLocalSurfaceIdLookupDelegate to be used in tests.

Bug:  819057 ,  819435 
Test: viz_unittests, content_unittests

Cq-Include-Trybots: master.tryserver.chromium.android:android_optional_gpu_tests_rel
Change-Id: I35ec40ae00af1ba4e3937002c1c0d261dae8b136
Reviewed-on: https://chromium-review.googlesource.com/957881
Commit-Queue: Ria Jiang <riajiang@chromium.org>
Reviewed-by: Fady Samuel <fsamuel@chromium.org>
Reviewed-by: Sadrul Chowdhury <sadrul@chromium.org>
Reviewed-by: Daniel Cheng <dcheng@chromium.org>
Cr-Commit-Position: refs/heads/master@{#543778}
[modify] https://crrev.com/57c26837a9a7ab1a0d6fec90192a0d68d98a7b95/components/viz/client/hit_test_data_provider_draw_quad.cc
[modify] https://crrev.com/57c26837a9a7ab1a0d6fec90192a0d68d98a7b95/components/viz/client/hit_test_data_provider_draw_quad_unittest.cc
[modify] https://crrev.com/57c26837a9a7ab1a0d6fec90192a0d68d98a7b95/components/viz/host/host_frame_sink_manager_unittest.cc
[modify] https://crrev.com/57c26837a9a7ab1a0d6fec90192a0d68d98a7b95/components/viz/service/BUILD.gn
[modify] https://crrev.com/57c26837a9a7ab1a0d6fec90192a0d68d98a7b95/components/viz/service/display/display.cc
[modify] https://crrev.com/57c26837a9a7ab1a0d6fec90192a0d68d98a7b95/components/viz/service/display/display.h
[modify] https://crrev.com/57c26837a9a7ab1a0d6fec90192a0d68d98a7b95/components/viz/service/display/surface_aggregator.cc
[modify] https://crrev.com/57c26837a9a7ab1a0d6fec90192a0d68d98a7b95/components/viz/service/display/surface_aggregator.h
[modify] https://crrev.com/57c26837a9a7ab1a0d6fec90192a0d68d98a7b95/components/viz/service/display/surface_aggregator_unittest.cc
[modify] https://crrev.com/57c26837a9a7ab1a0d6fec90192a0d68d98a7b95/components/viz/service/frame_sinks/compositor_frame_sink_support.cc
[modify] https://crrev.com/57c26837a9a7ab1a0d6fec90192a0d68d98a7b95/components/viz/service/frame_sinks/compositor_frame_sink_support.h
[modify] https://crrev.com/57c26837a9a7ab1a0d6fec90192a0d68d98a7b95/components/viz/service/frame_sinks/direct_layer_tree_frame_sink.cc
[modify] https://crrev.com/57c26837a9a7ab1a0d6fec90192a0d68d98a7b95/components/viz/service/frame_sinks/direct_layer_tree_frame_sink_unittest.cc
[modify] https://crrev.com/57c26837a9a7ab1a0d6fec90192a0d68d98a7b95/components/viz/service/frame_sinks/root_compositor_frame_sink_impl.cc
[modify] https://crrev.com/57c26837a9a7ab1a0d6fec90192a0d68d98a7b95/components/viz/service/hit_test/hit_test_aggregator.cc
[modify] https://crrev.com/57c26837a9a7ab1a0d6fec90192a0d68d98a7b95/components/viz/service/hit_test/hit_test_aggregator.h
[modify] https://crrev.com/57c26837a9a7ab1a0d6fec90192a0d68d98a7b95/components/viz/service/hit_test/hit_test_aggregator_unittest.cc
[modify] https://crrev.com/57c26837a9a7ab1a0d6fec90192a0d68d98a7b95/components/viz/service/hit_test/hit_test_manager.cc
[modify] https://crrev.com/57c26837a9a7ab1a0d6fec90192a0d68d98a7b95/components/viz/service/hit_test/hit_test_manager.h
[add] https://crrev.com/57c26837a9a7ab1a0d6fec90192a0d68d98a7b95/components/viz/service/surfaces/latest_local_surface_id_lookup_delegate.h
[modify] https://crrev.com/57c26837a9a7ab1a0d6fec90192a0d68d98a7b95/components/viz/test/BUILD.gn
[add] https://crrev.com/57c26837a9a7ab1a0d6fec90192a0d68d98a7b95/components/viz/test/test_latest_local_surface_id_lookup_delegate.cc
[add] https://crrev.com/57c26837a9a7ab1a0d6fec90192a0d68d98a7b95/components/viz/test/test_latest_local_surface_id_lookup_delegate.h
[modify] https://crrev.com/57c26837a9a7ab1a0d6fec90192a0d68d98a7b95/content/browser/renderer_host/render_widget_host_view_aura_unittest.cc
[modify] https://crrev.com/57c26837a9a7ab1a0d6fec90192a0d68d98a7b95/services/ui/ws/frame_generator.cc
[modify] https://crrev.com/57c26837a9a7ab1a0d6fec90192a0d68d98a7b95/services/viz/public/interfaces/hit_test/hit_test_region_list.mojom
[modify] https://crrev.com/57c26837a9a7ab1a0d6fec90192a0d68d98a7b95/ui/aura/hit_test_data_provider_aura.cc
Project Member

Comment 2 by bugdroid1@chromium.org, Mar 27 2018 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/337a57b9b3be8a2f7dab252c4d4d90ff44bbc2b3

commit 337a57b9b3be8a2f7dab252c4d4d90ff44bbc2b3
Author: Ria Jiang <riajiang@chromium.org>
Date: Tue Mar 27 20:24:19 2018

Add a fuzzer for HitTestManager and HitTestAggregator.

Fuzz the hit-test data sent to HitTestManager and aggregate that in
HitTestAggregator. One problem the fuzzer revealed is fixed in
https://chromium-review.googlesource.com/c/chromium/src/+/957881.
Coverage report:
https://goto.google.com/riajiang-hit-test-fuzzer-report

Bug:  819435 
Cq-Include-Trybots: luci.chromium.try:android_optional_gpu_tests_rel;master.tryserver.chromium.android:android_optional_gpu_tests_rel
Change-Id: I6029ffcaa0ccb696648d09da1e344aa2daa0eff6
Reviewed-on: https://chromium-review.googlesource.com/969927
Commit-Queue: Ria Jiang <riajiang@chromium.org>
Reviewed-by: Robert Kroeger <rjkroege@chromium.org>
Reviewed-by: Sadrul Chowdhury <sadrul@chromium.org>
Reviewed-by: Ken Rockot <rockot@chromium.org>
Reviewed-by: Ken Buchanan <kenrb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#546233}
[modify] https://crrev.com/337a57b9b3be8a2f7dab252c4d4d90ff44bbc2b3/components/viz/service/BUILD.gn
[modify] https://crrev.com/337a57b9b3be8a2f7dab252c4d4d90ff44bbc2b3/components/viz/service/hit_test/DEPS
[modify] https://crrev.com/337a57b9b3be8a2f7dab252c4d4d90ff44bbc2b3/components/viz/service/hit_test/hit_test_aggregator.cc
[modify] https://crrev.com/337a57b9b3be8a2f7dab252c4d4d90ff44bbc2b3/components/viz/service/hit_test/hit_test_aggregator.h
[add] https://crrev.com/337a57b9b3be8a2f7dab252c4d4d90ff44bbc2b3/components/viz/service/hit_test/hit_test_manager_fuzzer.cc

Comment 3 by riajiang@chromium.org, Apr 16 2018

Status: Fixed (was: Started)

Sign in to add a comment