Bug: skia:12302
Change-Id: I8cf958acf9214d0de903a4097647afd74f2a659e
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/441541
Reviewed-by: John Stiles <johnstiles@google.com>
Commit-Queue: Brian Osman <brianosman@google.com>
If the passed-in shader references RTFlip (i.e., sk_FragCoord is used),
the settings must contain RTFlip layout info; otherwise, an error
occurs. Originally, the fuzzer detected this as a problem because the
error was being delivered via SK_ABORT, but it's failing more cleanly
now that Ethan's new error handling code is in place (causing the fuzzer
to report that the bug was "fixed"). With this CL, the oss-fuzz shader
will actually compile successfully in SPIR-V instead of leading to an
error.
Change-Id: I3268e84bd8e01c95a25ed0845a37324e98033c4b
Bug: oss-fuzz:35916
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/439779
Auto-Submit: John Stiles <johnstiles@google.com>
Commit-Queue: Brian Osman <brianosman@google.com>
Reviewed-by: Brian Osman <brianosman@google.com>
This CL doesn't actually allow the callbacks to be invoked from SkSL
yet, but the callbacks now exist and are now threaded through the
various callsites which will need them.
Change-Id: I00f43ff94de9da8d93daf2e59885eea6f87c2e3e
Bug: skia:12257
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/431696
Commit-Queue: John Stiles <johnstiles@google.com>
Auto-Submit: John Stiles <johnstiles@google.com>
Reviewed-by: Brian Osman <brianosman@google.com>
Passing a color to a shader isn't supported in SkSL anymore.
Change-Id: Ic2743e519b69fa8add4c010166032b4dab2152a7
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/431938
Commit-Queue: John Stiles <johnstiles@google.com>
Auto-Submit: John Stiles <johnstiles@google.com>
Reviewed-by: Brian Osman <brianosman@google.com>
We now have `sampleShader` and `sampleColorFilter`. This CL prepares us
for the addition of a third sampleable type, SkBlender, with a unique
signature (two colors, no coordinates).
Change-Id: I77ba9ba94a1c447d0ef10f5acb5ffe9b9395cfe1
Bug: skia:12257
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/431697
Commit-Queue: John Stiles <johnstiles@google.com>
Reviewed-by: Brian Osman <brianosman@google.com>
This CL preserves the "StringFragment" name as an alias for
string_view to reduce the impact. The StringFragment alias
will be removed in a followup CL.
Change-Id: I89209bc626b0be0d0190823b6217f4c83cafe1bc
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/416736
Commit-Queue: Ethan Nicholas <ethannicholas@google.com>
Reviewed-by: John Stiles <johnstiles@google.com>
Previously, when converting a program, the pipeline stage could assume
that an input to main() of type half4/float4 was always the input color.
This was a good assumption since the only possible inputs were
coordinates, or the input color.
This CL now recognizes that when a second float4 is passed to the main()
function, it should be a SK_DEST_COLOR_BUILTIN. This will let blend
functions pass in two colors.
ProgramToSkVM now takes a dest-color argument as well, but existing call
sites won't reference it (since they aren't for blend functions). I've
just passed the input-color a second time, since the value will never
actually be accessed.
Change-Id: I4214586bda605c6d287aa25b1b099e6ef5ba15a4
Bug: skia:12080
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/417261
Commit-Queue: John Stiles <johnstiles@google.com>
Auto-Submit: John Stiles <johnstiles@google.com>
Reviewed-by: Brian Osman <brianosman@google.com>
This is a reland of adadb95a9f
... adds a temporary workaround for some Android framework code.
Original change's description:
> Better first-class shader & color filter support in runtime effects
>
> This does a few things, because they're all intertwined:
>
> 1) SkRuntimeEffect's API now includes details about children (which Skia
> stage was declared, not just the name). The factories verify that the
> declared types in the SkSL match up with the C++ types being passed.
> Today, we still only support adding children of the same type, so the
> checks are simple. Once we allow mixing types, we'll be testing the
> declared type against the actual C++ type supplied for each slot.
> 2) Adds sample variants that supply the input color to the child. This
> is now the only way to invoke a colorFilter child. Internally, we
> support passing a color when invoking a child shader, but I'm not
> exposing that. It's not clearly part of the semantics of the Skia
> pipeline, and is almost never useful. It also exposes users to
> several inconsistencies (skbug.com/11942).
> 3) Because of #2, it's possible that we can't compute a reusable program
> to filter individual colors. In that case, we don't set the constant
> output for constant input optimization, and filterColor4f falls back
> to the slower base-class implementation.
>
> Bug: skia:11813 skia:11942
> Change-Id: I06c41e1b35056e486f3163a72acf6b9535d7fed4
> Reviewed-on: https://skia-review.googlesource.com/c/skia/+/401917
> Commit-Queue: Brian Osman <brianosman@google.com>
> Reviewed-by: Mike Klein <mtklein@google.com>
Bug: skia:11813 skia:11942
Change-Id: I2c31b147ed86fa8c4dddefb7066bc1d07fe0d285
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/404637
Reviewed-by: Brian Salomon <bsalomon@google.com>
Reviewed-by: Mike Klein <mtklein@google.com>
Commit-Queue: Brian Osman <brianosman@google.com>
This reverts commit adadb95a9f.
Reason for revert: breaking android
Original change's description:
> Better first-class shader & color filter support in runtime effects
>
> This does a few things, because they're all intertwined:
>
> 1) SkRuntimeEffect's API now includes details about children (which Skia
> stage was declared, not just the name). The factories verify that the
> declared types in the SkSL match up with the C++ types being passed.
> Today, we still only support adding children of the same type, so the
> checks are simple. Once we allow mixing types, we'll be testing the
> declared type against the actual C++ type supplied for each slot.
> 2) Adds sample variants that supply the input color to the child. This
> is now the only way to invoke a colorFilter child. Internally, we
> support passing a color when invoking a child shader, but I'm not
> exposing that. It's not clearly part of the semantics of the Skia
> pipeline, and is almost never useful. It also exposes users to
> several inconsistencies (skbug.com/11942).
> 3) Because of #2, it's possible that we can't compute a reusable program
> to filter individual colors. In that case, we don't set the constant
> output for constant input optimization, and filterColor4f falls back
> to the slower base-class implementation.
>
> Bug: skia:11813 skia:11942
> Change-Id: I06c41e1b35056e486f3163a72acf6b9535d7fed4
> Reviewed-on: https://skia-review.googlesource.com/c/skia/+/401917
> Commit-Queue: Brian Osman <brianosman@google.com>
> Reviewed-by: Mike Klein <mtklein@google.com>
TBR=mtklein@google.com,bsalomon@google.com,brianosman@google.com
Change-Id: I94ba57e73305b2302f86fd0c1d76f667d4e45b92
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: skia:11813 skia:11942
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/404117
Reviewed-by: Greg Daniel <egdaniel@google.com>
Commit-Queue: Greg Daniel <egdaniel@google.com>
This does a few things, because they're all intertwined:
1) SkRuntimeEffect's API now includes details about children (which Skia
stage was declared, not just the name). The factories verify that the
declared types in the SkSL match up with the C++ types being passed.
Today, we still only support adding children of the same type, so the
checks are simple. Once we allow mixing types, we'll be testing the
declared type against the actual C++ type supplied for each slot.
2) Adds sample variants that supply the input color to the child. This
is now the only way to invoke a colorFilter child. Internally, we
support passing a color when invoking a child shader, but I'm not
exposing that. It's not clearly part of the semantics of the Skia
pipeline, and is almost never useful. It also exposes users to
several inconsistencies (skbug.com/11942).
3) Because of #2, it's possible that we can't compute a reusable program
to filter individual colors. In that case, we don't set the constant
output for constant input optimization, and filterColor4f falls back
to the slower base-class implementation.
Bug: skia:11813 skia:11942
Change-Id: I06c41e1b35056e486f3163a72acf6b9535d7fed4
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/401917
Commit-Queue: Brian Osman <brianosman@google.com>
Reviewed-by: Mike Klein <mtklein@google.com>
All internal usage has migrated to MakeFor..., this removes the old
program kind, and updates some tests.
Bug: skia:11813
Change-Id: I56733b071270e1ae3fab5d851e23acf6c02e3361
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/402536
Commit-Queue: Brian Osman <brianosman@google.com>
Reviewed-by: John Stiles <johnstiles@google.com>
Simplifies SampleUsage quite a bit (no need to track multiple kinds of
sampling, variable matrices don't exist any more, etc...).
Change-Id: I58b8de7218d00c4d882d2650672e5fe01892a062
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/402177
Reviewed-by: John Stiles <johnstiles@google.com>
Commit-Queue: Brian Osman <brianosman@google.com>
New entry point that does stricter checking on SkSL validity.
Bug: skia:11813
Change-Id: Icc8501c108af278e2fe1029859a552ea6ab6eb08
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/401056
Reviewed-by: Kevin Lubick <kjlubick@google.com>
Commit-Queue: Brian Osman <brianosman@google.com>
For now, just bolt this onto the existing runtime effects. The next step
is to add dedicated modes to the compiler for shader vs. color filter.
Once we get there, we will be much more strict about main signature in
each mode (and start adding other per-mode error checking).
Bug: skia:11813
Change-Id: I27e27600209e9844ae107364baea2fb949b47c3f
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/395838
Commit-Queue: Brian Osman <brianosman@google.com>
Reviewed-by: Mike Klein <mtklein@google.com>
Reviewed-by: Brian Salomon <bsalomon@google.com>
We are up to having seven distinct types of codegen, and will soon have
an 8th (DSL C++).
Change-Id: I6758328390c234ba1d5c30c118199dbc820af52a
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/395817
Commit-Queue: John Stiles <johnstiles@google.com>
Auto-Submit: John Stiles <johnstiles@google.com>
Reviewed-by: Ethan Nicholas <ethannicholas@google.com>
Previously, the act of painting a Runtime Effect was causing its helper
functions to get inlined, even if inlining was disabled during the
initial SkSL generation. This meant that the "NoInline" path was not
actually very effective.
Change-Id: If8e3933be61df4a49d2e11d916d7fff22876315e
Bug: skia:11362
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/388099
Commit-Queue: John Stiles <johnstiles@google.com>
Auto-Submit: John Stiles <johnstiles@google.com>
Reviewed-by: Ethan Nicholas <ethannicholas@google.com>
This was landed but not turned on. D'oh!
Bug: skia:10286
Change-Id: I65682370046c87c854d806253db32795ef3a9d14
Cq-Include-Trybots: luci.skia.skia.primary:Fuzz-Debian10-Clang
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/375736
Reviewed-by: Kevin Lubick <kjlubick@google.com>
Commit-Queue: Adlai Holler <adlai@google.com>
Bug: skia:11295
Change-Id: Iec11f3f4d26eb5b1c07707b3cedd09096bad80d0
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/371478
Commit-Queue: Brian Osman <brianosman@google.com>
Reviewed-by: Ethan Nicholas <ethannicholas@google.com>
Change-Id: I7be9a95bc190760245966c36ed088afd68108a5f
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/371316
Auto-Submit: Brian Osman <brianosman@google.com>
Reviewed-by: Mike Klein <mtklein@google.com>
Commit-Queue: Brian Osman <brianosman@google.com>
This change will allow these types to be forward-declared; C++ doesn't
allow forward declaration of types declared inside a struct. Moving
these types out of Programs resulted in a large diff.
The Settings::Value helper class has been moved inside of the
IRGenerator. In practice, it was actually just an implementation detail
of how IRGenerator looks up caps-values by name. It seems very unlikely
that this will be necessary elsewhere going forward.
Change-Id: I6119417fae608f1c492a27de746d2b550ef8ca20
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/370836
Reviewed-by: Ethan Nicholas <ethannicholas@google.com>
Commit-Queue: Ethan Nicholas <ethannicholas@google.com>
Commit-Queue: John Stiles <johnstiles@google.com>
Auto-Submit: John Stiles <johnstiles@google.com>
Uses the pipeline-stage callback mechanism. It mangles the type name
(with a test to verify that this works), and then calls defineStruct
with the entire SkSL struct definition string.
Bug: skia:10939
Change-Id: If14cf1b11faaa80ad8d4086cdacf68532bac43fc
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/368809
Commit-Queue: Brian Osman <brianosman@google.com>
Reviewed-by: John Stiles <johnstiles@google.com>
Structs, enums, and global variables are all going to require name
mangling. Move that to a separate virtual on the callback. More
importantly, the generator is going to need to do type-name substitution
inside the function declaration string, so the contract has shifted:
The generator constructs the entire function declaration line (using the
mangled name it gets from the new callback), then it calls
defineFunction with two strings, and a flag indicating if this is main
or not.
Bug: skia:10939, skia:11295, skia:11296
Change-Id: I535eee9bfbb2337013b539908fe3d658ec3b2dbd
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/368397
Reviewed-by: John Stiles <johnstiles@google.com>
Commit-Queue: Brian Osman <brianosman@google.com>
There is now PipelineStage::ConvertProgram, which takes a collection of
callbacks, and processes an entire program. For program objects that may
need name mangling, the callbacks return the new name, which is recorded
and used for future references to that object (eg uniforms & functions).
The callbacks let the FP inject new elements programmatically:
- Declare uniforms and get handles
- Emit child functions
- Invoke child processors for calls to sample()
In a follow-up CL, we can add an skslc `.rte -> .sksl` mode, where the
callbacks just emit the description() of the relevant element. We can
also follow the same pattern to emit declarations of types (structs,
enums), and global variables.
Change-Id: I81df68a2f41bcb48f866d37af3b77ad43e880236
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/367058
Commit-Queue: Brian Osman <brianosman@google.com>
Reviewed-by: John Stiles <johnstiles@google.com>
This is now structured like the VM generator: Just a function that does
the conversion. Moved all relevant types and constants out of the
compiler, too. The key thing is that we don't need/want an error
handler, because it's too late to fail. We *must* catch all errors
during IR generation.
This is also another step along the path of directly emitting to the
fragment shader builder, rather than generating strings with
placeholders.
Bug: skia:11127
Change-Id: I18591270aa6e56dae1f040275a4b7d4a245007db
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/366956
Commit-Queue: Brian Osman <brianosman@google.com>
Reviewed-by: John Stiles <johnstiles@google.com>
This allows us to control the inline threshold of runtime effects in a
thread-safe way.
The new Make API now returns a struct, for readability; the old Make API
continues to return a tuple.
The old Make function is deprecated and subject to removal. You can
migrate to the new API by passing a default-constructed Options struct.
In this case there will be no difference in behavior.
Change-Id: Ic62d6f294f596d0a61095e35a87ccdbbe0b1cf93
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/363785
Reviewed-by: Brian Salomon <bsalomon@google.com>
Reviewed-by: Brian Osman <brianosman@google.com>
Commit-Queue: John Stiles <johnstiles@google.com>
Also cleanup some of the duplicate code in SkRecords
Bug: skia:7650
Change-Id: I4d3167a892c126c19a54002beab25c9a6c96fa5d
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/357000
Reviewed-by: Mike Reed <reed@google.com>
Commit-Queue: Mike Reed <reed@google.com>
This maps to usage better, and makes some code simpler to understand.
Note that there is still a PipelineStage *back-end*, which is specific
to the runtime-effect FP. A kRuntimeEffect_Kind program can be used to
generate a PipelineStage (for the GPU backend), or an skvm program (for
the CPU backend).
Change-Id: Id3f535db93a239726c595225aafe9467f0d19817
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/344969
Reviewed-by: John Stiles <johnstiles@google.com>
Commit-Queue: Brian Osman <brianosman@google.com>
This ties the caps to the compiler instance, paving the way for
pre-optimizing the shared code. Most of the time, the compiler is
created and owned the GPU instance, so this is fine. For runtime
effects, we now use the shared (device-agnostic) compiler instance
for the first compile, even on GPU. It's configured with caps that
apply no workarounds. We pass the user's SkSL to the backend as
cleanly as possible, and then apply any workarounds once it's part
of the full program.
Bug: skia:10905
Bug: skia:10868
Change-Id: Ifcf8d7ebda5d43ad8e180f06700a261811da83de
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/331493
Commit-Queue: Brian Osman <brianosman@google.com>
Reviewed-by: Brian Salomon <bsalomon@google.com>
Reviewed-by: John Stiles <johnstiles@google.com>
Move the SVG rendering code to modules/svg, and componentize.
Also split into include/src/utils.
As external clients still reference the old header locations,
introduce temporary forwarding headers to facilitate the migration.
This reverts commit d6cf56fd34.
TBR=
Change-Id: Ibadd7c8dc0464ec0c27841530ade0c2098305d20
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/327344
Commit-Queue: Florin Malita <fmalita@google.com>
Reviewed-by: Florin Malita <fmalita@google.com>
This reverts commit 6fc4106a9d.
Reason for revert: Blocking the Android roll
Original change's description:
> [svg] Relocate out of experimental
>
> Move the SVG rendering code to modules/svg, and componentize.
> Also split into include/src/utils.
>
> As external clients still reference the old header locations,
> introduce temporary forwarding headers to facilitate the migration.
>
> Change-Id: Ib289dbdcd80c16a01c47805e7242f2e08bebc165
> Reviewed-on: https://skia-review.googlesource.com/c/skia/+/326948
> Reviewed-by: Tyler Denniston <tdenniston@google.com>
> Commit-Queue: Florin Malita <fmalita@google.com>
TBR=fmalita@chromium.org,fmalita@google.com,tdenniston@google.com
Change-Id: I386cf77a15a9e1d392029804abaf937dae53f435
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/327342
Reviewed-by: Robert Phillips <robertphillips@google.com>
Commit-Queue: Robert Phillips <robertphillips@google.com>
Move the SVG rendering code to modules/svg, and componentize.
Also split into include/src/utils.
As external clients still reference the old header locations,
introduce temporary forwarding headers to facilitate the migration.
Change-Id: Ib289dbdcd80c16a01c47805e7242f2e08bebc165
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/326948
Reviewed-by: Tyler Denniston <tdenniston@google.com>
Commit-Queue: Florin Malita <fmalita@google.com>
This should fix the chrome roll.
Change-Id: I2de68f972996bf6124cf5cc27dfd538aa1161057
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/316877
Auto-Submit: Kevin Lubick <kjlubick@google.com>
Reviewed-by: Leon Scroggins <scroggo@google.com>
Commit-Queue: Kevin Lubick <kjlubick@google.com>
We had several defines around the code base that were not
very descriptive. Additionally, we had a patch of extra
runtime restrictions living in oss-fuzz that were applied
when fuzzing over there for some fuzzers.
This has all be consolidated and controlled via the defines
documented in site/dev/testing/fuzz.md
As such, we can remove one of the patches that is in oss-fuzz,
taking us closer to being able to fuzz in the CI/CQ.
PS 1 renames existing fuzz defines to the new schema.
PS 2-3 backports skia.diff from oss-fuzz and changes those
definitions to have the _GREATLY modifier.
PS 5+ further condenses the defines so that there is one
define for gating the runtime checks.
Change-Id: Ia4ad96f30c1e9620a2123b510e97c6f501a2e257
Docs-Preview: https://skia.org/?cl=316443
Bug: skia:10713
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/316443
Commit-Queue: Kevin Lubick <kjlubick@google.com>
Reviewed-by: Mike Klein <mtklein@google.com>
Keep the same default value, but add a (private) API to change it when
compiling SkRuntimeEffect code.
Use the new API to improve fuzzer coverage, by fuzzing with inlining
disabled and (enthusiastically) enabled.
This reverts commit 3e8fae7193, reworked
to avoid the static initializer.
Change-Id: I7e6cd39d4af2daa4b1be41f1c7d99f32df7a51ab
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/309664
Reviewed-by: Brian Osman <brianosman@google.com>
Commit-Queue: Brian Osman <brianosman@google.com>
Runtime effects previously allowed two kinds of global input variables:
'in' variables could be bool, int, or float. 'uniform' could be float,
vector, or matrix. Uniform variables worked like you'd expect, but 'in'
variables were baked into the program statically. There was a large
amount of machinery to make this work, and it meant that 'in' variables
needed to have values before we could make decisions about program
caching, and before we could catch some errors. It was also essentially
syntactic sugar over the client just inserting the value into their SkSL
as a string. Finally: No one was using the feature.
To simplify the mental model, and make the API much more predictable,
this CL removes 'in' variables entirely. We no longer need to
"specialize" runtime effect programs, which means we can catch more
errors up front (those not detected until optimization). All of the API
that referred to "inputs" (the previous term that unified 'in' and
'uniform') now just refers to "uniforms".
Bug: skia:10593
Change-Id: I971f620d868b259e652b3114f0b497c2620f4b0c
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/309050
Commit-Queue: Brian Osman <brianosman@google.com>
Reviewed-by: Brian Salomon <bsalomon@google.com>
Reviewed-by: John Stiles <johnstiles@google.com>
This reverts commit ad3db40d78.
Reason for revert: Chrome doesn't like static initializers.
Original change's description:
> Add inline threshold to SkSL::Program::Settings
>
> Keep the same default value, but add a (private) API to change it when
> compiling SkRuntimeEffect code.
>
> Use the new API to improve fuzzer coverage, by fuzzing with inlining
> disabled and (enthusiastically) enabled.
>
> Change-Id: I36424bac95144aeb727cfb949754fbe998d5d7de
> Reviewed-on: https://skia-review.googlesource.com/c/skia/+/308181
> Commit-Queue: Brian Osman <brianosman@google.com>
> Reviewed-by: Kevin Lubick <kjlubick@google.com>
> Reviewed-by: Ethan Nicholas <ethannicholas@google.com>
TBR=kjlubick@google.com,brianosman@google.com,ethannicholas@google.com
Change-Id: Ic233203f3728a7285a1958c53567d915e56023af
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/308757
Reviewed-by: Brian Osman <brianosman@google.com>
Commit-Queue: Brian Osman <brianosman@google.com>
Keep the same default value, but add a (private) API to change it when
compiling SkRuntimeEffect code.
Use the new API to improve fuzzer coverage, by fuzzing with inlining
disabled and (enthusiastically) enabled.
Change-Id: I36424bac95144aeb727cfb949754fbe998d5d7de
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/308181
Commit-Queue: Brian Osman <brianosman@google.com>
Reviewed-by: Kevin Lubick <kjlubick@google.com>
Reviewed-by: Ethan Nicholas <ethannicholas@google.com>
SkDescriptor's programatic API is neither
exposed for untrusted use nor harded for it.
Why are we fuzzing it?
Do we need a change in oss-fuzz before deleting this?
Bug: oss-fuzz:19648
Bug: oss-fuzz:24417
Change-Id: Id8d075938d831ec8cad4014c8fe6efaef46edb55
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/307177
Reviewed-by: Kevin Lubick <kjlubick@google.com>
Reviewed-by: Herb Derby <herb@google.com>
Auto-Submit: Mike Klein <mtklein@google.com>
Commit-Queue: Mike Klein <mtklein@google.com>
This is an attempt to fuzz the usage of SkSurfaceCharacterization,
SkDeferredDisplayRecorder, and SkDeferredDisplayList.
This fuzzer first makes a surface and characterization from
GrDirectContext and then create a DDL and draw it on the surface.
The code is compiled with ninja and run with AFL at the speed around
600/sec
The future changes will include:
1. An alternative way to create DDL: first create the surface and
extract the characterization from that existing surface.
2.currently we just pass the ownership of the DDL into draw_ddl. In
the future we should add a version that retains ownership of the DDL
in order to fuzz the lifetime of the DDL.
3. Refactorize line 62-119
Change-Id: I9cd9736813be3abc82430bd4eeb559d6993ecbd4
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/303600
Commit-Queue: Zepeng Hu <zepenghu@google.com>
Reviewed-by: Kevin Lubick <kjlubick@google.com>
Reviewed-by: Robert Phillips <robertphillips@google.com>
The major improvement is that now the fuzzer is able to execute
the sksl code (before it just compiled it). The fuzzer will
reserve 256 bytes for providing uniforms to the shader;
meanwhile, the fuzzer will read the remaining bytes as sksl code
to create SkRuntimeEffect. It then creates a shader and executes
it by painting the shader on a canvas.
The code was tested locally with afl-fuzz, and the execution
speed was around 700/sec.
An alternative implementation would have been using Fuzz.h to
read bytes; I decided to go with sk_sp<SkData> since it has a
comparable format to other binary fuzzer and meets all the
functionality in this fuzzer.
For future changes, there are 2 important improvements to the
implementation:
1) Current shader does not have children shaders; thus,
makeShader() will fail if the SkSL ever tries to use an 'in shader'.
As pointed out in patchset 11, after creating the runtime effect,
effect->children().count() will tell you how many children it's
expecting (how many 'in shader' variables were declared). When you
call makeShader(), the second and third arguments are a
(C-style) array of shader pointers, and
a count (which must match children().count()).
Some helpful examples can be SkRTShader::CreateProc in
SkRuntimeEffect.cpp, make_fuzz_shader in FuzzCanvas.cpp.
2)
In this fuzzer, after creating the paint from a shader, the paint
can be drawn on either GPU canvas or CPU, so a possible way is to
use SkSurface::MakeRenderTarget to create GPU canvas and use a byte
to determine which canvas it will be drawn on.
Change-Id: Ib0385edd0f5ec2f23744aa517135a6955c53ba38
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/300618
Commit-Queue: Zepeng Hu <zepenghu@google.com>
Reviewed-by: Brian Osman <brianosman@google.com>
Reviewed-by: Kevin Lubick <kjlubick@google.com>
When manipulating svg file, the implementation of SkSVGCanvas will be used instead of the
implementation of SkCanvas, so the api are tested against SkSVGCanvas. In addition, there are
more api need to be covered in the function fuzz_canvas. As a result, the main changes are to
add new DEF_FUZZ for SkSVGCanvas and to modify fuzz_canvas to increase the coverages of api.
Change-Id: Iaf6114bb0e2929c73549ff398c3db5592e736ea2
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/298977
Commit-Queue: Zepeng Hu <zepenghu@google.com>
Reviewed-by: Kevin Lubick <kjlubick@google.com>
Reviewed-by: Mike Klein <mtklein@google.com>
Bundling the pipeline stage arguments also simplifies the code in
several spots.
Change-Id: I85e81b436a39378f753cc9404b6eeb27fe055525
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/261778
Reviewed-by: Brian Salomon <bsalomon@google.com>
Commit-Queue: Brian Osman <brianosman@google.com>
