The test harness for the opt fuzzer was failing to consider that the
input might use a very large id bound, despite no id approaching this
bound actually being used.
This change modifies the test harness to use the module's id bound,
rather than looking through the module for large ids.
Fixes: oss-fuzz:42386
Use a very large id bound when fuzzing the optimizer, and check that the
input does not use ids that are too close to this bound. This should make it
impossible in practice for an id overflow to occur.
Fixes #4657.
The OSS-Fuzz i386 build has been failing due to errors about
64-to-32-bit conversions, relating to random generation code. This
change fixes the problem by explicitly using a 64-bit random generator,
and by adding a cast to size_t to avoid an implicit conversion.
Instead calculate a hash based on the input and use that as a seed
into random data generation for the target env.
Also fixes issue where input data was not actually being fed into
one fuzzer.
Fixes #4450
Pending a more general solution for constructing a target environment
based on the bytes of a test input, this change avoids a UBSan error
caused by the existing approach.
Fixes https://crbug.com/38087
With OSS-Fuzz, the build system should not directly set options such as
-fsanitize=fuzzer. Instead, these are set by OSS-Fuzz, and
linker options are provided via the LIB_FUZZER_OPTIONS environment
variable. This change allows the fuzzers to be built stand-alone,
outside of OSS-Fuzz, in the way that was already supported, as well as
inside OSS-Fuzz, when the LIB_FUZZER_OPTIONS environment variable is
set.
This splits the spvtools_config into a public and private part to avoid
leaking internal bits to dependents. A new target is added for the
public headers so that "gn check" works for dependents.
Also formats test/fuzzers/BUILD.gn
1. BUILD.gn: Don't use the extra Chromium clang warnings
Also removes the unused .gn secondary_sources.
2. Move fuzzers in test/ instead of testing/
This frees up testing/ to be the git subtree of Chromium's src/testing/
that contains test.gni, gtest, gmock and libfuzzer
3. DEPS: get the whole testing/ subtree of Chromium
4. BUILD.gn: Simplify the standalone gtest targets
These target definitions are inspired from ANGLE's and add a variable
that is the path of the googletest directory so that it can be made
overridable in future commits.
6. BUILD.gn: Add overridable variables for deps dirs
This avoids hardcoded paths to dependencies that make it hard to
integrate SPIRV-Tools in other GN projects.