Commit Graph

15 Commits

Author SHA1 Message Date
Ben Clayton
c5bda7ae5a
Fuzzer: Default the new constructor parameter (#4438)
Introducing a new mandatory parameter makes it very difficult to roll
Chromium to a new version of SPIRV-Tools, as this project is used by
several third-party projects, and an atomic update of all projects
is very hard to coordinate.
2021-08-02 13:37:37 +01:00
Alastair Donaldson
9c4481419e
spirv-fuzz: Allow inapplicable transformations to be ignored (#4407)
spirv-fuzz features transformations that should be applicable by
construction. Assertions are used to detect when such transformations
turn out to be inapplicable. Failures of such assertions indicate bugs
in the fuzzer. However, when using the fuzzer at scale (e.g. in
ClusterFuzz) reports of these assertion failures create noise, and
cause the fuzzer to exit early. This change adds an option whereby
inapplicable transformations can be ignored. This reduces noise and
allows fuzzing to continue even when a transformation that should be
applicable but is not has been erroneously created.
2021-07-28 22:59:37 +01:00
Vasyl Teliman
43cfa9bc1d
spirv-fuzz: Add persistent state to the fuzzer (#4137)
Adds persistent state to the fuzzer so that it can be used as a custom
mutator for mutation-based fuzzing.
2021-03-03 15:34:53 +00:00
Alastair Donaldson
502e982956
spirv-fuzz: Fix to TransformationInlineFunction (#3913)
This fixes a problem where TransformationInlineFunction could lead to
distinct instructions having identical unique ids. It adds a validity
check to detect this problem in general.

Fixes #3911.
2020-10-16 22:58:09 +01:00
Alastair Donaldson
5c64374dd6
spirv-fuzz: Avoid creating blocks without parents (#3908)
The validity check during fuzzing and in unit tests is strengthened to
require that every block has its enclosing function as its parent.
TransformationMergeFunctionReturns is fixed so that it ensures parents
are set appropriately.

Fixes #3907.
2020-10-13 19:48:18 +01:00
Alastair Donaldson
f2b8a4ee51
spirv-fuzz: Enable some passes with high probability (#3860)
Fixes #3764.
2020-10-01 09:07:06 +01:00
Alastair Donaldson
125b642419
spirv-fuzz: Refactor fuzzer, replayer and shrinker (#3818)
In preparation for some upcoming work on the shrinker, this PR changes
the interfaces of Fuzzer, Replayer and Shrinker so that all data
relevant to each class is provided on construction, meaning that the
"Run" method can become a zero-argument method that returns a status,
transformed binary and sequence of applied transformations via a
struct.

This makes greater use of fields, so that -- especially in Fuzzer --
there is a lot less parameter passing.
2020-09-22 10:07:58 +01:00
Alastair Donaldson
60ce96e2ff
spirv-fuzz: Add pass recommendations (#3757)
This change introduces various strategies for controlling the manner
in which fuzzer passes are applied repeatedly, including infrastructure
to allow fuzzer passes to be recommended based on which passes ran
previously.
2020-09-18 15:51:35 +01:00
Alastair Donaldson
f428aa39ca
spirv-fuzz: Remove opaque pointer design pattern (#3755)
There's no real need for Fuzzer, Replayer and Shrinker to use the
opaque pointer design pattern.  This change removes it, paving the way
for making some upcoming changes to Fuzzer easier.
2020-08-28 13:30:06 +01:00
Alastair Donaldson
2fdea57d19
spirv-fuzz: Add validator options (#3254)
Allows several validator options to be passed to the fuzzer, to be
used when validation is invoked during fuzzing.
2020-04-02 14:37:59 +01:00
Alastair Donaldson
31acc78821
spirv-fuzz: Add fuzzer pass to perform module donation (#3117)
This change adds a fuzzer pass that allows code from other SPIR-V
modules to be donated into the module under transformation.  It also
changes the command-line options of the tools so that, in fuzzing
mode, a file must be specified that contains the names of available
donor modules.
2020-01-07 08:39:55 +00:00
Alastair Donaldson
52e9cc9301
spirv-fuzz: Improve debugging facilities (#3074)
Adds an option to run the validator on the SPIR-V binary after each
fuzzer pass has been applied, to help identify when the fuzzer has
made the module invalid.  Also adds a helper method to allow dumping
of the sequence of transformations that have been applied to a JSON
file.
2019-11-27 18:05:56 +00:00
Alastair Donaldson
b8ab80843f
Shrinker for spirv-fuzz (#2708)
Adds to spirv-fuzz the option to shrink a sequence of transformations
that lead to an interesting binary being generated, to find a smaller
sub-sequence of transformations that still lead to an interesting (but
hopefully simpler) binary being generated. The notion of what counts
as "interesting" comes from a user-provided script, the
"interestingness function", similar to the way the spirv-reduce tool
works. The shrinking process will give up after a maximum number of
steps, which can be configured on the command line.

Tests for the combination of fuzzing and shrinking are included, using
a variety of interestingness functions.
2019-07-07 08:55:30 +01:00
Alastair Donaldson
6ccb52b864
Warn when input facts are invalid. (#2699)
Fixes #2621.

Instead of aborting when an invalid input fact is provided, the tool
now warns about the invalid fact and then ignores it.  This is
convenient for example if facts are specified about uniforms with
descriptor sets and bindings that happen to not be present in the
input binary.
2019-06-26 16:40:19 +01:00
Alastair Donaldson
fe9f870130
Add library for spirv-fuzz (#2618)
Adds a library for spirv-fuzz, consisting of a Fuzzer class that will
transform a module with respect to (a) facts about the module provided
via a FactManager class, and (b) a source of random numbers and
parameters to control the transformation process provided via a
FuzzerContext class.  Transformations will be applied via classes that
implement a FuzzerPass interface, and both facts and transformations
will be represented via protobuf messages.  Currently there are no
concrete facts, transformations nor fuzzer passes; these will follow.
2019-05-27 14:34:55 +01:00