Ensures that when an attempt to read a floating-point value from an
input stream fails, the recieving variable for the read does not end up
uninitialised.
Fixes OSS-Fuzz:40432
Fixes#4644
Currently if an ID overflow occurs, spirv-opt (and other users of
IRContext) emits a warning and starts returning 0 when fresh ids are
requested. This tends to lead to crashes - such as null pointer
exceptions. When these arise during fuzzing they lead to auto-reported
bugs.
This change uses an ifdef guard to instead gracefully exit as soon as an
ID overflow occurs when the build is a fuzzing build.
Related issue: #4539.
This prevents CCP from making constant -> constant transitions when
evaluating instruction values. In this case, FClamp is evaluated twice.
On the first evaluation, if computes FClamp(0.5, 0.5, -1) which returns
-1. On the second evaluation, it computes FClamp(0.5, 0.5, VARYING)
which returns 0.5.
Both fold() computations are correct given the semantics of FClamp() but
this causes a lateral transition in the constant lattice which was not
being considered VARYING by CCP.
Along with OpDecorate, also clone the OpDecorateString instructions for
variables created in the descriptor scalar replacement pass.
Fixesmicrosoft/DirectXShaderCompiler#3705
* https://github.com/KhronosGroup/Vulkan-Docs/issues/666 clearly
specified that interfaces do not require an input if there is an
associated output
* ADCE can now remove unused input variables (though they are kept if
the preserve interfaces option is used)
Fixes#4469
* Checks that decorations only usable with structure members are not
used by OpDecorate or OpDecorateId
* Checks that decorations not allowed on structure members are not used
with OpMemberDecorate
* Checks decoration targets for most core decorations
* Performs some Vulkan specific validation on deorations
* Add wasm build
* Run wasm ci on push
* Add copyright notice to wasm files
* [wasm] Update Emscripten
* [wasm] Change global lambda to regular function
* [wasm] Show detected core count during build
* [wasm] Set JS version from CHANGES, GITHUB_RUN_ID
Also remove custom docker emscripten build with brotli, as not used
* [wasm] Change github actions to use npm-publish
* [wasm] Us docker-compose up for CI
* [wasm] pass GITHUB_RUN_ID to docker
* [wasm] Change GITHUB_RUN_ID to GITHUB_RUN_NUMBER
* [wasm] Fix GITHUB_RUN_NUMBER in docker-compose.yml
If the ids overflow when creating an integer constant in the ir_builder, there will be a nullptr dereference. This is happening from inside merge return.
We need to propagate the error up, and make sure it is handled appropriately.
In #3404 a logical && was replaced with a bitwise & to ensure that
both side-effecting arguments were evaluated. However, this leads to
warnings from some compilers (leading to the OSS-Fuzz build breaking,
in particular).
This change reworks the relevant code so that both arguments to the
logical && are evaluated into temporaries.
Consider the new test case. The conditional branch in the continue
block is never marked as live. However, `IsDead` will say it is not
dead, so it does not get deleted. Because it was never marked as live,
`%false` was not mark as live either, but it gets deleted. This results
in invalid code.
To fix this properly, we had to reconsider how branches are handle. We
make the following changes:
1) Terminator instructions that are not branch or OpUnreachable must be
kept, so they are marked as live when initializing the worklist.
2) Branches and OpUnreachable instructions are marked as live if
a) the block does not have a merge instruction and another instruction
in the block is marked as live, or
b) the merge instruction in the same block is marked as live.
3) Any instruction that is not marked as live is removed.
4) If a terminator is to be removed, an OpUnreachable is added. This
happens when the entire block is dead, and the block will be removed.
The OpUnreachable is generated to make sure the block still has a
terminator, and is valid.
Fixes https://github.com/KhronosGroup/SPIRV-Tools/issues/4509.
The generator ID is located in the upper 16 bits. The lower bits are
reserved for a version number.
Co-authored-by: Lionel Landwerlin <lionel.g.landwerlin@intel.com>
When checking the OpBranchConditional for selection headers,
we intend to register both the true and false targets.
Short circuiting was getting in the way.
Co-authored-by: Steven Perron <stevenperron@google.com>
Spirv-opt has not had to handle module with function declarations. This
lead many passes to assume that every function has a body. This is not
always true. This commit will modify a number of passes to handle
function declarations.
Fixes https://github.com/KhronosGroup/SPIRV-Tools/issues/4443
Having IsLocalVar work only sometimes is something that could easily
lead to an error. This change refactors the code so that the function
can be called at any point. The current implementation was used because
we did not want to do multiple searches to see if a function was an
entry point or if it had a call. This was maintained by added a cache
that will store of a given function is an entry point with no calls.
When setting default value for spec constants, for numeric bit types smaller
than 32 bits, follow the SPIR-V rules for narrow literals:
- signed integers are sign-extended
- otherwise, upper bits are zero.
Followup to #4588
* test: add a test to show 8/16-bit
* opt/spec_constants: fix bit pattern width checks.
The input bit patterns are always at least 32-bits, so let the test
pass for 8/16-bit values as well. This shouldn't have any effect on the
64-bit patterns I assume this was introduced for.
Do this if Constant or DefUse managers are invalid. Using the
ConstantManager attempts to regenerate the DefUseManager
which is not valid during inlining.
* Account for strided components in arrays
Fixes#4567
* If the element type of an array takes less than a location in size,
calculate the location usage in a strided manner
* formatting
According to spec this opcode is a constant instruction - that's it
can appear outside of function bodies.
Co-authored-by: DmitryBushev <dmitry.bushev@intel.com>
To allow querying the range of target environments (to ensure that a
target environment value is within the valid range of the associated
enum), this change adds a maximum value to the spv_target_env
enumeration.
Instead calculate a hash based on the input and use that as a seed
into random data generation for the target env.
Also fixes issue where input data was not actually being fed into
one fuzzer.
Fixes#4450
* Don't eliminate dead members from StructuredBuffer as layout(offset) qualifiers cannot be applied to structure fields.
* Traverse arrays when marking structs as fully used.
Co-authored-by: Steven Perron <stevenperron@google.com>
* Have ADCE use cfg struct analysis (NFC)
ADCE has a lot of code and variables to keep track of
information that is easily obtains using the Struct
cfg analysis. Most of this change is to refactor the
code to have small functions to get the information
from the struct cfg analysis.
A few other changes small refactoring changes are
done.
* Factor out work list initialization in ADCE (NFC)
We move the code that will initially populate the work list into its own
function. We also simplify the code by making use of the struct cfg
analysis. That way we can reduce the number of tables used to track
information as we traverse the CFG.