Add fuzzers for SPIRV-Cross
Issue description: Add fuzzers for SPIRV-Cross that will test it emitting HLSL, GLSL, and MSL. These should live in the Dawn repo.
Nov 12
The following revision refers to this bug: https://dawn.googlesource.com/dawn/+/9854295ff60b96f9c96c2711c55d2562c080dae9

commit 9854295ff60b96f9c96c2711c55d2562c080dae9
Author: Ryan Harrison <rharrison@chromium.org>
Date: Mon Nov 12 12:20:21 2018

Add fuzzers for SPIRV-Cross

This CL adds in fuzzers for SPIRV-Cross for HLSL, GLSL, and MSL outputs.

These fuzzers live in Dawn because there is no appropriate location in the Chromium source repo for them and it is unlikely they would be land-able in the SPIRV-Cross repo, because it is not coupled with Chromium's build system and thus Clusterfuzz, so they would be effectively dead code. Dawn depends on this code, but it is also integrated into the Chromium build system, so this was the best place I could find for them.

The code under fuzz unfortunately uses exceptions/aborting as its error reporting mechanism. This is an acknowledged shortcoming and there are efforts to remove this behaviour. To work around this and reduce the number of false positives found by the fuzzers, a signal trap has been implemented which will be removed once the code under fuzz has been updated. The trap replaces the existing signal handler and silences signals while running the code under test. This allows the code under test to call abort() and not crash the fuzzing process. Theoretically, only SIGABRT should need to be trapped, but something is causing the signal from abort() to be converted to SIGSEGV when running under ASAN.

This signal trap has been tested with the fuzzing/sanitizers by intentionally inserting bad calls that will occur after a few thousand test cases. It was confirmed that the fuzzer detected the issue and stops fuzzing.

The alternative to implementing this signal trap would be to turn on exceptions for the fuzzer. This was attempted, but proved to be fruitless due to what was reported as an ODR issue, but couldn't be silenced. The likely underlying issue was a pre-built library or other object being built without exceptions causing different versions of symbols, or the exception version of the standard library not being instrumented by ASAN. Given the majority of the Chromium eco-system turns off exceptions, fixing this issue would not be helpful to the larger community and was looking like it would require significant effort.

BUG= chromium:903380
Change-Id: I63a5595383f99b7a0e150d72bb04c89b8d722631
Reviewed-on: https://dawn-review.googlesource.com/c/2260
Commit-Queue: Corentin Wallez <cwallez@chromium.org>
Reviewed-by: Max Moroz <mmoroz@chromium.org>
Reviewed-by: Corentin Wallez <cwallez@chromium.org>

[add] https://crrev.com/9854295ff60b96f9c96c2711c55d2562c080dae9/src/fuzzers/DawnSPIRVCrossHLSLFastFuzzer.cpp
[add] https://crrev.com/9854295ff60b96f9c96c2711c55d2562c080dae9/src/fuzzers/DawnSPIRVCrossHLSLFullFuzzer.cpp
[add] https://crrev.com/9854295ff60b96f9c96c2711c55d2562c080dae9/src/fuzzers/DawnSPIRVCrossFuzzer.cpp
[modify] https://crrev.com/9854295ff60b96f9c96c2711c55d2562c080dae9/src/dawn_native/d3d12/ShaderModuleD3D12.cpp
[modify] https://crrev.com/9854295ff60b96f9c96c2711c55d2562c080dae9/third_party/BUILD.gn
[add] https://crrev.com/9854295ff60b96f9c96c2711c55d2562c080dae9/src/fuzzers/DawnSPIRVCrossGLSLFullFuzzer.cpp
[modify] https://crrev.com/9854295ff60b96f9c96c2711c55d2562c080dae9/BUILD.gn
[modify] https://crrev.com/9854295ff60b96f9c96c2711c55d2562c080dae9/src/dawn_native/opengl/ShaderModuleGL.cpp
[add] https://crrev.com/9854295ff60b96f9c96c2711c55d2562c080dae9/src/fuzzers/DawnSPIRVCrossGLSLFastFuzzer.cpp
[modify] https://crrev.com/9854295ff60b96f9c96c2711c55d2562c080dae9/src/dawn_native/metal/ShaderModuleMTL.mm
[add] https://crrev.com/9854295ff60b96f9c96c2711c55d2562c080dae9/src/fuzzers/DawnSPIRVCrossFuzzer.h
[add] https://crrev.com/9854295ff60b96f9c96c2711c55d2562c080dae9/src/fuzzers/DawnSPIRVCrossMSLFullFuzzer.cpp
[add] https://crrev.com/9854295ff60b96f9c96c2711c55d2562c080dae9/src/fuzzers/DawnSPIRVCrossMSLFastFuzzer.cpp
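The signal trap the commit message above describes, written out as an added C++ example. This is not Dawn's or SPIRV-Cross's code: `ScopedSignalTrap`, `RunTrapped`, `CompileCompletes` and the toy `CompileLikeSpirvCross` (which only checks a little-endian SPIR-V magic number and calls abort() on anything else, standing in for a library that reports errors by aborting) are illustrative names and assumptions. It shows the two things the trap has to get right: SIGABRT and SIGSEGV are caught only while the code under test runs, and the original handlers are put back afterwards so each input starts from the same state.

```cpp
// Added example (not Dawn's or SPIRV-Cross's code): a scoped signal trap that
// lets a libFuzzer target survive abort() in the code under test.
#include <csetjmp>
#include <csignal>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstdlib>
#include <functional>
#include <string>

namespace {

sigjmp_buf gTrapJump;                  // where a trapped signal lands
volatile sig_atomic_t gTrapArmed = 0;  // non-zero only while code under test runs

void TrapHandler(int sig) {
    if (gTrapArmed) {
        // Unwind straight back into RunTrapped(). sigsetjmp(..., 1) saved the
        // signal mask, so SIGABRT does not stay blocked for the next input.
        siglongjmp(gTrapJump, sig);
    }
    // Signal outside a trapped region: fall back to the default action so a
    // genuine crash in the harness itself is still reported.
    signal(sig, SIG_DFL);
    raise(sig);
}

// Installs the trap for SIGABRT and SIGSEGV on construction and restores the
// previous handlers (for example a sanitizer's) on destruction.
class ScopedSignalTrap {
  public:
    ScopedSignalTrap() {
        struct sigaction action = {};
        action.sa_handler = TrapHandler;
        sigemptyset(&action.sa_mask);
        sigaction(SIGABRT, &action, &mOldAbrt);
        sigaction(SIGSEGV, &action, &mOldSegv);
    }
    ~ScopedSignalTrap() {
        sigaction(SIGABRT, &mOldAbrt, nullptr);
        sigaction(SIGSEGV, &mOldSegv, nullptr);
    }

  private:
    struct sigaction mOldAbrt {};
    struct sigaction mOldSegv {};
};

// Runs fn with the trap armed. Returns true if fn returned normally, false if it
// was cut short by SIGABRT or SIGSEGV. Frames skipped by siglongjmp never run
// their destructors, so anything fn allocated on the failure path leaks.
bool RunTrapped(const std::function<void()>& fn) {
    ScopedSignalTrap trap;
    gTrapArmed = 1;
    if (sigsetjmp(gTrapJump, 1) == 0) {
        fn();
        gTrapArmed = 0;
        return true;
    }
    gTrapArmed = 0;
    return false;
}

// Assumed stand-in for the library under fuzz: it reports malformed input by
// calling abort(). It only checks the little-endian SPIR-V magic 0x07230203.
void CompileLikeSpirvCross(const uint8_t* data, size_t size) {
    if (size < 4 || size % 4 != 0) {
        abort();
    }
    uint32_t magic = static_cast<uint32_t>(data[0]) | (static_cast<uint32_t>(data[1]) << 8) |
                     (static_cast<uint32_t>(data[2]) << 16) | (static_cast<uint32_t>(data[3]) << 24);
    if (magic != 0x07230203u) {
        abort();
    }
}

}  // namespace

// Convenience wrapper so the trap can be exercised without a fuzzing engine.
bool CompileCompletes(const std::string& input) {
    return RunTrapped([&] {
        CompileLikeSpirvCross(reinterpret_cast<const uint8_t*>(input.data()), input.size());
    });
}

// libFuzzer entry point: an abort() in the code under test becomes a rejected
// input instead of a crash, so the engine keeps going.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
    RunTrapped([&] { CompileLikeSpirvCross(data, size); });
    return 0;
}

int main() {
    const std::string goodHeader("\x03\x02\x23\x07", 4);  // constructed: valid magic
    std::printf("valid header completes: %d\n", CompileCompletes(goodHeader));
    std::printf("short input completes: %d\n", CompileCompletes("abc"));
    return 0;
}
```

Two caveats follow from the design. Errors that ASan detects through its instrumented checks (a heap-buffer-overflow, say) are reported by ASan's own error path and do not depend on any signal handler, so they still stop the fuzzer; a raw wild access that merely faults, however, is ordinarily caught by ASan's SIGSEGV handler, which this trap shadows while it is installed, so such a fault would be filed as a rejected input rather than a finding. That is why the "insert a deliberate bad call and confirm the fuzzer still stops" check mentioned in the commit message is worth repeating in your own setup. The second caveat is the leak noted in the comment: siglongjmp skips destructors in the aborted frames, which LeakSanitizer may report.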
Nov 12
The following revision refers to this bug: https://dawn.googlesource.com/dawn/+/42a0a49318c5c4abb50dfb3f618a0a5368b2951d

commit 42a0a49318c5c4abb50dfb3f618a0a5368b2951d
Author: Corentin Wallez <cwallez@chromium.org>
Date: Mon Nov 12 15:22:37 2018

Fix compilation of SPIRV-Cross fuzzers in Chromium

BUG= chromium:903380
Change-Id: Ic36c400339a2a1fd7dd99b928fec80ce98f6997b
Reviewed-on: https://dawn-review.googlesource.com/c/2320
Reviewed-by: Dan Sinclair <dsinclair@google.com>
Commit-Queue: Corentin Wallez <cwallez@chromium.org>

[modify] https://crrev.com/42a0a49318c5c4abb50dfb3f618a0a5368b2951d/BUILD.gn
Nov 12
The following revision refers to this bug: https://dawn.googlesource.com/dawn/+/597e1587b4bfc7bf89895c7c879ae58b649da3c5

commit 597e1587b4bfc7bf89895c7c879ae58b649da3c5
Author: Corentin Wallez <cwallez@chromium.org>
Date: Mon Nov 12 18:09:56 2018

Build fuzzer tests in standalone builds too.

This will avoid compilation breaking, and adds standalone reproducers for the fuzzer_tests.

BUG= chromium:903380
BUG= dawn:34
Change-Id: I9995a852076d9f6d1ebdee5b999989c2d74d4709
Reviewed-on: https://dawn-review.googlesource.com/c/2321
Commit-Queue: Corentin Wallez <cwallez@chromium.org>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: Dan Sinclair <dsinclair@google.com>

[add] https://crrev.com/597e1587b4bfc7bf89895c7c879ae58b649da3c5/src/fuzzers/BUILD.gn
[modify] https://crrev.com/597e1587b4bfc7bf89895c7c879ae58b649da3c5/BUILD.gn
[add] https://crrev.com/597e1587b4bfc7bf89895c7c879ae58b649da3c5/src/fuzzers/StandaloneFuzzerMain.cpp
Comment 1 by rharrison@chromium.org, Nov 8