Add SKSL fuzzer

BUG=skia:5490 GOLD_TRYBOT_URL= https://gold.skia.org/search?issue=2418763004 Review-Url: https://codereview.chromium.org/2418763004
2016-10-18 10:06:24 -07:00 · 2016-10-18 10:06:24 -07:00 · e719577fe8
commit e719577fe8
parent 9488833428
1 changed files with 48 additions and 16 deletions
--- a/fuzz/fuzz.cpp
+++ b/fuzz/fuzz.cpp
@ -16,6 +16,7 @@
 #include "SkPicture.h"
 #include "SkPicture.h"
 #include "SkPicture.h"
+#include "SkSLCompiler.h"
 #include "SkStream.h"

 #include <cmath>
@ -39,6 +40,7 @@ static int fuzz_img(sk_sp<SkData>, uint8_t, uint8_t);
 static int fuzz_skp(sk_sp<SkData>);
 static int fuzz_icc(sk_sp<SkData>);
 static int fuzz_color_deserialize(sk_sp<SkData>);
+static int fuzz_sksl2glsl(sk_sp<SkData>);

 int main(int argc, char** argv) {
    SkCommandLineFlags::Parse(argc, argv);
@ -53,22 +55,26 @@ int main(int argc, char** argv) {
    uint8_t option = calculate_option(bytes.get());

    if (!FLAGS_type.isEmpty()) {
-        switch (FLAGS_type[0][0]) {
-            case 'a': return fuzz_api(bytes);
-
-            case 'c': return fuzz_color_deserialize(bytes);
-
-            case 'i':
-                if (FLAGS_type[0][1] == 'c') { //icc
+        if (0 == strcmp("api", FLAGS_type[0])) {
+            return fuzz_api(bytes);
+        }
+        if (0 == strcmp("color_deserialize", FLAGS_type[0])) {
+            return fuzz_color_deserialize(bytes);
+        }
+        if (0 == strcmp("icc", FLAGS_type[0])) {
            return fuzz_icc(bytes);
        }
-                // We only allow one degree of freedom to avoid a search space explosion for afl-fuzz.
-                if (FLAGS_type[0][6] == 's') { // image_scale
+        if (0 == strcmp("image_scale", FLAGS_type[0])) {
            return fuzz_img(bytes, option, 0);
        }
-                // image_mode
+        if (0 == strcmp("image_mode", FLAGS_type[0])) {
            return fuzz_img(bytes, 0, option);
-            case 's': return fuzz_skp(bytes);
+        }
+        if (0 == strcmp("skp", FLAGS_type[0])) {
+            return fuzz_skp(bytes);
+        }
+        if (0 == strcmp("sksl2glsl", FLAGS_type[0])) {
+            return fuzz_sksl2glsl(bytes);
        }
    }
    return printUsage(argv[0]);
@ -400,6 +406,32 @@ int fuzz_color_deserialize(sk_sp<SkData> bytes) {
    return 0;
 }

+static SkSL::GLCaps default_caps() {
+    return {
+             400,
+             SkSL::GLCaps::kGL_Standard,
+             false, // isCoreProfile
+             false, // usesPrecisionModifiers;
+             false, // mustDeclareFragmentShaderOutput
+             true,   // canUseMinAndAbsTogether
+             false  // mustForceNegatedAtanParamToFloat
+           };
+}
+
+int fuzz_sksl2glsl(sk_sp<SkData> bytes) {
+    SkSL::Compiler compiler;
+    std::string output;
+    bool result = compiler.toGLSL(SkSL::Program::kFragment_Kind,
+        (const char*)bytes->data(), default_caps(), &output);
+
+    if (!result) {
+        SkDebugf("[terminated] Couldn't compile input.\n");
+        return 1;
+    }
+    SkDebugf("[terminated] Success! Compiled input.\n");
+    return 0;
+}
+
 Fuzz::Fuzz(sk_sp<SkData> bytes) : fBytes(bytes), fNextByte(0) {}

 void Fuzz::signalBug   () { SkDebugf("Signal bug\n"); raise(SIGSEGV); }