From e719577fe8ac3de38795cde2007337f854d97435 Mon Sep 17 00:00:00 2001
From: kjlubick
Date: Tue, 18 Oct 2016 10:06:24 -0700
Subject: [PATCH] Add SKSL fuzzer
BUG=skia:5490
GOLD_TRYBOT_URL= https://gold.skia.org/search?issue=2418763004
Review-Url: https://codereview.chromium.org/2418763004
---
 fuzz/fuzz.cpp | 64 ++++++++++++++++++++++++++++++++++++++-------------
 1 file changed, 48 insertions(+), 16 deletions(-)
diff --git a/fuzz/fuzz.cpp b/fuzz/fuzz.cpp
index 549194619a..cbfb74415c 100644
--- a/fuzz/fuzz.cpp
+++ b/fuzz/fuzz.cpp
@@ -16,6 +16,7 @@
 #include "SkPicture.h"
 #include "SkPicture.h"
 #include "SkPicture.h"
+#include "SkSLCompiler.h"
 #include "SkStream.h"
 #include
@@ -39,6 +40,7 @@ static int fuzz_img(sk_sp, uint8_t, uint8_t);
 static int fuzz_skp(sk_sp);
 static int fuzz_icc(sk_sp);
 static int fuzz_color_deserialize(sk_sp);
+static int fuzz_sksl2glsl(sk_sp);
 int main(int argc, char** argv) {
 SkCommandLineFlags::Parse(argc, argv);
@@ -53,22 +55,26 @@ int main(int argc, char** argv) {
 uint8_t option = calculate_option(bytes.get());
 if (!FLAGS_type.isEmpty()) {
- switch (FLAGS_type[0][0]) {
- case 'a': return fuzz_api(bytes);
-
- case 'c': return fuzz_color_deserialize(bytes);
-
- case 'i':
- if (FLAGS_type[0][1] == 'c') { //icc
- return fuzz_icc(bytes);
- }
- // We only allow one degree of freedom to avoid a search space explosion for afl-fuzz.
- if (FLAGS_type[0][6] == 's') { // image_scale
- return fuzz_img(bytes, option, 0);
- }
- // image_mode
- return fuzz_img(bytes, 0, option);
- case 's': return fuzz_skp(bytes);
+ if (0 == strcmp("api", FLAGS_type[0])) {
+ return fuzz_api(bytes);
+ }
+ if (0 == strcmp("color_deserialize", FLAGS_type[0])) {
+ return fuzz_color_deserialize(bytes);
+ }
+ if (0 == strcmp("icc", FLAGS_type[0])) {
+ return fuzz_icc(bytes);
+ }
+ if (0 == strcmp("image_scale", FLAGS_type[0])) {
+ return fuzz_img(bytes, option, 0);
+ }
+ if (0 == strcmp("image_mode", FLAGS_type[0])) {
+ return fuzz_img(bytes, 0, option);
+ }
+ if (0 == strcmp("skp", FLAGS_type[0])) {
+ return fuzz_skp(bytes);
+ }
+ if (0 == strcmp("sksl2glsl", FLAGS_type[0])) {
+ return fuzz_sksl2glsl(bytes);
 }
 }
 return printUsage(argv[0]);
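Review bot: The new dispatch in `main` calls `strcmp`, but the only include this commit adds is `SkSLCompiler.h`, and no `<string.h>` or `<cstring>` is visible in the include context, so the call may be relying on a transitive include. If the header is not already included outside the shown context, add `#include <string.h>` beside the existing system include. The removed comment `// We only allow one degree of freedom to avoid a search space explosion for afl-fuzz.` is also worth keeping above the `image_scale` and `image_mode` branches, because it explains why one argument to `fuzz_img` is always 0. `main` begins and ends outside this hunk.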
@@ -400,6 +406,32 @@ int fuzz_color_deserialize(sk_sp bytes) {
 return 0;
 }
+static SkSL::GLCaps default_caps() {
+ return {
+ 400,
+ SkSL::GLCaps::kGL_Standard,
+ false, // isCoreProfile
+ false, // usesPrecisionModifiers;
+ false, // mustDeclareFragmentShaderOutput
+ true, // canUseMinAndAbsTogether
+ false // mustForceNegatedAtanParamToFloat
+ };
+}
+
+int fuzz_sksl2glsl(sk_sp bytes) {
+ SkSL::Compiler compiler;
+ std::string output;
+ bool result = compiler.toGLSL(SkSL::Program::kFragment_Kind,
+ (const char*)bytes->data(), default_caps(), &output);
+
+ if (!result) {
+ SkDebugf("[terminated] Couldn't compile input.\n");
+ return 1;
+ }
+ SkDebugf("[terminated] Success! Compiled input.\n");
+ return 0;
+}
+
 Fuzz::Fuzz(sk_sp bytes) : fBytes(bytes), fNextByte(0) {}
 void Fuzz::signalBug () { SkDebugf("Signal bug\n"); raise(SIGSEGV); }
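Review bot: In `fuzz_sksl2glsl`, `(const char*)bytes->data()` hands the raw input file to `compiler.toGLSL` as a C string, but nothing in the function guarantees the buffer is NUL-terminated, so its length is found by scanning past `bytes->size()` whenever the input holds no zero byte. Under a sanitizer that surfaces as an out-of-bounds read in the harness itself rather than a finding in the SkSL compiler, and an input with an embedded zero byte is silently truncated. Passing the length explicitly avoids both: `std::string text((const char*)bytes->data(), bytes->size());` followed by `compiler.toGLSL(SkSL::Program::kFragment_Kind, text, default_caps(), &output)`. That assumes `toGLSL`, which is declared outside this diff, accepts a `std::string`; if it takes `const char*`, pass `text.c_str()` instead. A short comment on the bare `400` in `default_caps()` stating that it is the GLSL version would match the labels on the other fields.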