Commit Graph

3 Commits

Author SHA1 Message Date
John Stiles
9d82e61c90 Only perform unrolled-size check on valid code.
This analysis pass assumes we have a program with a valid structure: all
loops must be ES2-compliant, and all function calls must reference real
functions that exist. If we detected an error during compilation, our
program might not meet these criteria.

Change-Id: I4c7aefb3221438643614f1e0cbc2bad40b94b161
Bug: skia:12396
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/444982
Reviewed-by: Ethan Nicholas <ethannicholas@google.com>
Commit-Queue: Ethan Nicholas <ethannicholas@google.com>
Auto-Submit: John Stiles <johnstiles@google.com>
2021-09-03 15:51:11 +00:00
John Stiles
2ecc595e86 Migrate program finalization logic out of IRGenerator.
Most of the logic in IRGenerator::finish has moved to
Compiler::finalize. The @if/@switch pass has been combined with the pass
that verifies no dangling FunctionReference/TypeReference expressions,
saving one walk through the IR tree. Most program-finalization logic now
exists in Compiler and Analysis.

This change reorders our error generation logic slightly, and manages to
squeeze a few extra (valid) errors out of one of our fuzzer-generated
tests, but is not really intended to affect results in any significant
way.

Change-Id: I461de7c31f3980dedf74424e7826c032b1f40fd2
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/444757
Commit-Queue: John Stiles <johnstiles@google.com>
Commit-Queue: Ethan Nicholas <ethannicholas@google.com>
Auto-Submit: John Stiles <johnstiles@google.com>
Reviewed-by: Ethan Nicholas <ethannicholas@google.com>
2021-09-01 19:40:53 +00:00
John Stiles
e3f85e07fa Add improved regression test for oss-fuzz:36655.
Most of the code generated by the fuzzer is nonsense, but there is a
method to its madness. The crash is only triggered under specific
conditions:
- The runtime effect has enough helper functions to mostly fill up the
  call graph hash map. It won't rehash until it gets close to capacity.
- There must be several calls to built-in functions, in order to add
  elements to the call graph to force a rehash.

The fuzzer-generated code manages to satisfy both these requirements.

Change-Id: I9a1d7535557fedd4e9bfece3930ac86ede291ffe
Bug: oss-fuzz:36655
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/437118
Auto-Submit: John Stiles <johnstiles@google.com>
Reviewed-by: Ethan Nicholas <ethannicholas@google.com>
Commit-Queue: John Stiles <johnstiles@google.com>
2021-08-06 13:03:32 +00:00
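The crash recipe in the commit above (fill the call-graph table to just under its growth threshold with helper functions, then add a few built-in calls that push it over) is the general pattern for reproducing rehash-dependent bugs deterministically. The following is an added illustration of that bug class, not Skia's code: the page does not show SkSL's call-graph map or the faulting code, so the "analysis pass caches a pointer into the table" model, the 75% load factor, and the names FlatMap, simulate and Outcome are assumptions made for the example. It shows why the number of helper functions matters: a pointer taken into an open-addressing table stays valid only until the next insertion that crosses the load factor and reallocates the slot array.

```cpp
// Added example, not Skia code: a toy open-addressing hash map whose backing
// array is reallocated when the load factor is crossed. The 75% threshold,
// the names below and the "cached pointer" model of the bug are assumptions.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <functional>
#include <string>
#include <vector>

struct FlatMap {
    struct Slot { std::string key; int value = 0; bool used = false; };
    std::vector<Slot> slots;
    std::size_t count = 0;
    int rehashes = 0;

    explicit FlatMap(std::size_t capacity) : slots(capacity) {}

    // Returns a pointer into the slot array, valid only until the next
    // insertion that triggers a rehash (the old array is freed then).
    int* find(const std::string& key) {
        std::size_t start = std::hash<std::string>{}(key) % slots.size();
        for (std::size_t probe = 0; probe < slots.size(); ++probe) {
            Slot& s = slots[(start + probe) % slots.size()];
            if (!s.used) return nullptr;
            if (s.key == key) return &s.value;
        }
        return nullptr;
    }

    void set(const std::string& key, int value) {
        if (int* existing = find(key)) { *existing = value; return; }
        if ((count + 1) * 4 > slots.size() * 3) rehash();  // grow at 75% load
        insertNoGrow(key, value);
        ++count;
    }

private:
    void insertNoGrow(const std::string& key, int value) {
        std::size_t i = std::hash<std::string>{}(key) % slots.size();
        while (slots[i].used) i = (i + 1) % slots.size();  // linear probing
        slots[i] = Slot{key, value, true};
    }
    void rehash() {
        std::vector<Slot> old = std::move(slots);
        slots = std::vector<Slot>(old.size() * 2);  // fresh, larger allocation
        for (const Slot& s : old) if (s.used) insertNoGrow(s.key, s.value);
        ++rehashes;
    }
};

struct Outcome {
    int  rehashes;             // how many times the table was rebuilt
    bool cachedPointerStale;   // cached pointer no longer points into the table
    int  valueViaFreshLookup;  // what a correct re-lookup after insertion sees
};

// Models the regression-test recipe from the commit message: fill the
// call-graph table with helper functions up to just under its growth
// threshold, cache a pointer to one entry (as a buggy analysis pass might),
// then add built-in calls that push it over the threshold.
Outcome simulate(std::size_t capacity, std::size_t helpers, std::size_t builtins) {
    FlatMap callGraph(capacity);
    callGraph.set("main", 0);
    for (std::size_t i = 0; i < helpers; ++i)
        callGraph.set("helper" + std::to_string(i), 1);

    const int rehashesBefore = callGraph.rehashes;
    int* cached = callGraph.find("main");
    const auto cachedAddr = reinterpret_cast<std::uintptr_t>(cached);

    static const char* const kBuiltins[] = {"sin", "cos", "sqrt", "abs", "dot", "mix"};
    for (std::size_t i = 0; i < builtins; ++i)
        callGraph.set(std::string(kBuiltins[i % 6]) + "#" + std::to_string(i), 2);

    // Check whether the cached pointer still lies inside the live slot array.
    // Do not dereference it: if it is stale, that dereference is the crash.
    const auto lo = reinterpret_cast<std::uintptr_t>(callGraph.slots.data());
    const auto hi = lo + callGraph.slots.size() * sizeof(FlatMap::Slot);
    const bool stale = !(cachedAddr >= lo && cachedAddr < hi);

    return {callGraph.rehashes - rehashesBefore, stale, *callGraph.find("main")};
}

int main() {
    Outcome few  = simulate(16, 5, 1);   // too few helpers: no rehash, pointer fine
    Outcome fuzz = simulate(16, 11, 1);  // fuzzer shape: 12 entries, one more rehashes
    std::printf("few helpers:  rehashes=%d stale=%d\n", few.rehashes, few.cachedPointerStale);
    std::printf("fuzzer shape: rehashes=%d stale=%d\n", fuzz.rehashes, fuzz.cachedPointerStale);
    return 0;
}
```

With capacity 16 and a 75% threshold the 13th insertion rebuilds the table, so "main" plus 11 helpers sits exactly one entry short of a rehash and a single built-in call crosses it, while 5 helpers never do. The same arithmetic is what turns a fuzzer crash into a small deterministic regression test; note that if the table's initial capacity or load factor ever changes, such a test must be recomputed or it silently stops exercising the rehash.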