This reverts commit db38ad7b14.
Reason for revert: breaking g3 roll since it thinks the test case is "binary" not flagged as binary
Original change's description:
> Fixed DSL assertion error on source files containing nulls
>
> The assertion was there to make sure we weren't running off the end of
> the source, but naturally fails in the presence of legitimate embedded
> nulls.
>
> Change-Id: I3b80499e9b182c9ea046c479f35d7a965d548401
> Bug: oss-fuzz:38107
> Reviewed-on: https://skia-review.googlesource.com/c/skia/+/447182
> Commit-Queue: Ethan Nicholas <ethannicholas@google.com>
> Reviewed-by: John Stiles <johnstiles@google.com>
> Reviewed-by: Brian Osman <brianosman@google.com>
Bug: oss-fuzz:38107
Change-Id: I650d12d728b5d932bda79e81205b873d8b44771f
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/447936
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Michael Ludwig <michaelludwig@google.com>
Bug: skia:10205
Change-Id: Ia2dd9b99f5282a46aaeaf8eac54c9f6bfd583fc6
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/445617
Reviewed-by: Mike Reed <reed@google.com>
Commit-Queue: Michael Ludwig <michaelludwig@google.com>
The assertion was there to make sure we weren't running off the end of
the source, but naturally fails in the presence of legitimate embedded
nulls.
Change-Id: I3b80499e9b182c9ea046c479f35d7a965d548401
Bug: oss-fuzz:38107
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/447182
Commit-Queue: Ethan Nicholas <ethannicholas@google.com>
Reviewed-by: John Stiles <johnstiles@google.com>
Reviewed-by: Brian Osman <brianosman@google.com>
Bug: oss-fuzz:38140
Change-Id: I76a1b3ef8289b3089192d043d173677c00741a54
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/445836
Commit-Queue: Ethan Nicholas <ethannicholas@google.com>
Reviewed-by: John Stiles <johnstiles@google.com>
Reviewed-by: Brian Osman <brianosman@google.com>
Bug: chromium:1239558
Change-Id: Ibc4655adaa72d1abf306940dd8b5e2f6a8b0edd9
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/446923
Reviewed-by: Mike Reed <reed@google.com>
Commit-Queue: Michael Ludwig <michaelludwig@google.com>
Change-Id: If57fb5acbf5bd0cfeadc54dd12c3ba1da0840491
Bug: skia:12202
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/447416
Commit-Queue: John Stiles <johnstiles@google.com>
Auto-Submit: John Stiles <johnstiles@google.com>
Reviewed-by: Brian Osman <brianosman@google.com>
Compile-time optimization is not yet implemented so the generated code
contains a lot of checks which will be optimized away in a followup CL.
Change-Id: I83b5df8580a6712686d18812e3848a703feac315
Bug: skia:12202
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/447300
Commit-Queue: John Stiles <johnstiles@google.com>
Commit-Queue: Brian Osman <brianosman@google.com>
Auto-Submit: John Stiles <johnstiles@google.com>
Reviewed-by: Brian Osman <brianosman@google.com>
In response to a non-identifier token after a dot, DSLParser would
attempt to swizzle a zero-length field and fail an assertion.
The same basic code path exists in the old compiler, but the resulting
parse error causes the process to abort before it attempts to process
the zero-length swizzle.
Bug: oss-fuzz:38106
Change-Id: Ifd997ce1d564b5f6ef0a9a785d8d9e254785e600
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/446185
Reviewed-by: John Stiles <johnstiles@google.com>
Reviewed-by: Brian Osman <brianosman@google.com>
Commit-Queue: Brian Osman <brianosman@google.com>
I wrote some code which needed Round(); it isn't in ES2 so it wasn't in
the DSL intrinsic set yet.
Change-Id: I304f61b502a68d255d15899181e34fcae2ef16a0
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/447017
Auto-Submit: John Stiles <johnstiles@google.com>
Reviewed-by: Ethan Nicholas <ethannicholas@google.com>
Commit-Queue: John Stiles <johnstiles@google.com>
This test fails on my work laptop (Radeon 5300M) so simply disabling it
on the tree isn't sufficient in this case. We don't seem to have a test
opt-out mechanism that automatically applies to local runs of dm.
Change-Id: I83582f0cdc3c9e6a61e6dc8e07851b9705143423
Bug: skia:12434
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/447057
Reviewed-by: Brian Osman <brianosman@google.com>
Commit-Queue: Brian Osman <brianosman@google.com>
Auto-Submit: John Stiles <johnstiles@google.com>
Metal doesn't natively offer this intrinsic at all, but we now write an
equivalent template function whenever the intrinsic is encountered.
Proper testing will be added in a followup CL (when outerProduct is made
available in public SkSL).
Change-Id: Ie8d6bf8d735d0ab45b7559be68036b08c5802365
Bug: skia:12202
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/447296
Commit-Queue: John Stiles <johnstiles@google.com>
Commit-Queue: Brian Osman <brianosman@google.com>
Auto-Submit: John Stiles <johnstiles@google.com>
Reviewed-by: Brian Osman <brianosman@google.com>
Bug: chromium:1241134
Change-Id: If99fbd62aaa9e2b5d064fdec6a010d3ab0f9dd66
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/446817
Commit-Queue: Greg Daniel <egdaniel@google.com>
Reviewed-by: Michael Ludwig <michaelludwig@google.com>
This includes compile-time optimization and tests.
The unit test is disabled in a followup CL
(http://review.skia.org/447057) because it exposes a Radeon 5300M bug
in OpenGL.
Change-Id: I8b2f0411358aeb68c4edfeb0bd7a2814c4be1f40
Bug: skia:12202
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/447056
Reviewed-by: Brian Osman <brianosman@google.com>
Auto-Submit: John Stiles <johnstiles@google.com>
Commit-Queue: John Stiles <johnstiles@google.com>
Bug: skia:10412
Bug: skia:12437
Change-Id: I93077bbd2ed40252966305df1b93ceb813218828
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/446181
Reviewed-by: Eric Boren <borenet@google.com>
Reviewed-by: Michael Ludwig <michaelludwig@google.com>
Commit-Queue: Robert Phillips <robertphillips@google.com>
It turned out that Metal had equivalent intrinsics/casts all along; we
just needed to emit them.
Tests will be improved in a followup CL which adds the ES3-compatible
packing intrinsics into sksl_public.
Change-Id: Iec8a20b9f9fe9b1badea2944eb0b1f0a17c74560
Bug: skia:12351
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/446744
Commit-Queue: John Stiles <johnstiles@google.com>
Commit-Queue: Brian Osman <brianosman@google.com>
Auto-Submit: John Stiles <johnstiles@google.com>
Reviewed-by: Brian Osman <brianosman@google.com>
The test has been improved and now covers a variety of values. Because
this intrinsic has side-effects (an out-param), we do not support
optimizing it or treating it as a constant-expression.
The modf documentation doesn't mention anything about constant-
expression support or lack thereof. Experimentally, modf is also not
treated as a constant-expression by Apple GLSL or glslang:
http://screen/4RWwYKr6vCjxCPQhttp://screen/45ttDTVAFGDRyxP
Change-Id: I15bb1de80e90fa97ddf8e9d3803352603b9608d0
Bug: skia:12202
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/446396
Commit-Queue: John Stiles <johnstiles@google.com>
Auto-Submit: John Stiles <johnstiles@google.com>
Reviewed-by: Brian Osman <brianosman@google.com>
The code in writeFunctionCall which supported swizzled out-params has
been factored out into a pair of helper functions. The code for emitting
intrinsics now relies on these helpers when emitting out-params.
Change-Id: I4436185ae107d70b529e7e1ea0dd89f844c6a673
Bug: skia:11052
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/446719
Auto-Submit: John Stiles <johnstiles@google.com>
Commit-Queue: Brian Osman <brianosman@google.com>
Reviewed-by: Brian Osman <brianosman@google.com>
This reverts commit 0f4304e6e7.
Reason for revert: breaks Adreno 6xx
Original change's description:
> Add RelaxedPrecision decoration to function-call temp vars.
>
> This is really same basic issue as http://review.skia.org/446640. We
> were creating a temp variable but ignoring its type's precision.
>
> Change-Id: I9a5fedd7ada864d36757fc196f42ff95bac7d706
> Reviewed-on: https://skia-review.googlesource.com/c/skia/+/446718
> Commit-Queue: John Stiles <johnstiles@google.com>
> Auto-Submit: John Stiles <johnstiles@google.com>
> Reviewed-by: Brian Osman <brianosman@google.com>
Change-Id: I6ae4e264b60f7f38a1abb5f1d0324461a33c896d
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/446742
Auto-Submit: John Stiles <johnstiles@google.com>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
An unused child that used its coordinates would triggers asserts in the
GP - we expect that all FPs are sampled/invoked. This generates slightly
sub-optimal code (we compute and interpolate the local coordinates for
that child FP), but it's not likely to happen in real code.
Bug: skia:12429
Change-Id: Ic2ddc65d16a7e1f47af8c4192e5ff9ea329bf335
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/446836
Commit-Queue: Brian Osman <brianosman@google.com>
Reviewed-by: John Stiles <johnstiles@google.com>
This is really same basic issue as http://review.skia.org/446640. We
were creating a temp variable but ignoring its type's precision.
Change-Id: I9a5fedd7ada864d36757fc196f42ff95bac7d706
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/446718
Commit-Queue: John Stiles <johnstiles@google.com>
Auto-Submit: John Stiles <johnstiles@google.com>
Reviewed-by: Brian Osman <brianosman@google.com>
skgpu::v2::Device will also need both of these so move them somewhere accessible
Bug: skia:11837
Change-Id: Iacaf0332da933515451056eeda62949b049378b7
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/446180
Reviewed-by: Michael Ludwig <michaelludwig@google.com>
Commit-Queue: Robert Phillips <robertphillips@google.com>
We don't need to initialize input values for `out` params. (We were
treating them the same as `inout`.)
Change-Id: Ib447d15de237a6a03740ad012180691dc60a50bd
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/446717
Commit-Queue: Brian Osman <brianosman@google.com>
Reviewed-by: Brian Osman <brianosman@google.com>
Auto-Submit: John Stiles <johnstiles@google.com>
Previously we were not honoring the variable precision at all (passing
null to nextId).
Change-Id: I0e217e6c0d3d701dc0540d4d4069a3597abdad11
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/446640
Commit-Queue: John Stiles <johnstiles@google.com>
Commit-Queue: Brian Osman <brianosman@google.com>
Auto-Submit: John Stiles <johnstiles@google.com>
Reviewed-by: Brian Osman <brianosman@google.com>
Bug: skia:9282
Change-Id: I04afd352ad8c0c167993f29f4293d857f5af7170
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/445619
Reviewed-by: Robert Phillips <robertphillips@google.com>
Commit-Queue: Michael Ludwig <michaelludwig@google.com>
DSL was improperly allowing interface blocks in runtime shaders, which
caused PipelineStageGenerator to get upset.
Bug: oss-fuzz:38131
Change-Id: I593e68f2cab3db9151d606e65e2826ffa9c494e2
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/446324
Commit-Queue: Ravi Mistry <rmistry@google.com>
Commit-Queue: Ethan Nicholas <ethannicholas@google.com>
Reviewed-by: Brian Osman <brianosman@google.com>
Reviewed-by: John Stiles <johnstiles@google.com>
Two minor changes:
- Converting a Block with bad statements will now generate a partial
block instead of nullptr.
The change mirrors how DSL behaves; functions containing invalid
statements will now be created and added to the program. Previously, we
would discard a function definition with any invalid statements inside;
this prevented duplicate-function-definition errors from appearing.
- Converting a return with a bad expression will now generate a
poisoned return instead of nullptr.
This change improves diagnostics for functions with invalid return
statements. If we eliminate the return statements (by returning null),
we report bad return statements as "function can exit without returning
a value" (which is confusing).
Change-Id: I6d998d5c50585f8d96bb7e3cb7f59b63125d6a62
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/446325
Commit-Queue: John Stiles <johnstiles@google.com>
Auto-Submit: John Stiles <johnstiles@google.com>
Reviewed-by: Ethan Nicholas <ethannicholas@google.com>
Reviewed-by: Brian Osman <brianosman@google.com>
To do this with a clean conscience, I needed to convert the unroll-
counting logic from a linear time algorithm to constant-time. Getting
all the edge cases correct requires a lot of care, and there are now
plenty of unit tests.
Change-Id: I620909d069ac425b7310e345bf80ec844fe035f8
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/445643
Auto-Submit: John Stiles <johnstiles@google.com>
Reviewed-by: Brian Osman <brianosman@google.com>
Commit-Queue: John Stiles <johnstiles@google.com>
This allows us to get rid of a lot of .c_str()'s.
Change-Id: I09102f90d69620614dc5a7a2ebc64bd3e9b1c437
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/445816
Commit-Queue: Ethan Nicholas <ethannicholas@google.com>
Reviewed-by: John Stiles <johnstiles@google.com>
Several fuzzer issues, and one Chromium issue that's blocking the roll.
Bug: chromium:1246795
Bug: skia:12423
Change-Id: I00370b74569b447e543d9a1f22c588eb493063da
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/445960
Reviewed-by: John Stiles <johnstiles@google.com>
Commit-Queue: Brian Osman <brianosman@google.com>
Auto-Submit: Brian Osman <brianosman@google.com>
An ES2-compatible for loop supports six separate rel-ops:
< <= > >= != ==
Each rel-op, in addition to its expected usage, is also able to
represent a loop which never terminates, as well as a loop which
terminates instantly. Since SkVM unrolls these loops, we should make
sure we do it properly. We now have unit tests for all of these cases.
Change-Id: Icae04d48bc158bf8c0c98db97f76756a1a29110c
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/445756
Auto-Submit: John Stiles <johnstiles@google.com>
Reviewed-by: Brian Osman <brianosman@google.com>
Commit-Queue: John Stiles <johnstiles@google.com>
Intrinsic-call optimization can be triggered during inlining. In this
case, inlining turned `normalize(x)` into `normalize(constant-value)`.
DSL is used to implement optimizations for a handful of intrinsic calls,
including `normalize`, which internally relies on `length`.
The DSL expects that it can use the IRGenerator to handle function
calls. This was not working because we were finished with the initial
compilation pass, and the IRGenerator's symbol table is removed when
finish() was called.
We now temporarily give a symbol table back to the IRGenerator while
the inliner runs. We remove it again as soon as inlining is complete.
Change-Id: I6da98788d93749ffeb008c1f4c3f72b436e8ceeb
Bug: oss-fuzz:37994
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/445956
Auto-Submit: John Stiles <johnstiles@google.com>
Reviewed-by: Brian Osman <brianosman@google.com>
Commit-Queue: John Stiles <johnstiles@google.com>
Change-Id: Id894eb70273454716eb33c85dff2056333e90cdd
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/445281
Reviewed-by: John Stiles <johnstiles@google.com>
Reviewed-by: Brian Osman <brianosman@google.com>
Commit-Queue: Ethan Nicholas <ethannicholas@google.com>
Bug: skia:12302
Change-Id: I4ff394f1f9d93d2def19a9f9d49cb208651aff10
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/445639
Commit-Queue: Brian Osman <brianosman@google.com>
Reviewed-by: John Stiles <johnstiles@google.com>
Also update RELEASE_NOTES to describe new syntax.
Change-Id: I2666551b98f80b61ae3a48c92a9e306cdc7242b0
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/444735
Commit-Queue: Brian Osman <brianosman@google.com>
Reviewed-by: John Stiles <johnstiles@google.com>
This analysis pass assumes we have a program with a valid structure--all
loops must be ES2-compliant, and all function-calls must reference real
functions that exist. If we detected an error during compilation, our
program might not meet these criteria.
Change-Id: I4c7aefb3221438643614f1e0cbc2bad40b94b161
Bug: skia:12396
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/444982
Reviewed-by: Ethan Nicholas <ethannicholas@google.com>
Commit-Queue: Ethan Nicholas <ethannicholas@google.com>
Auto-Submit: John Stiles <johnstiles@google.com>
This moves the swizzle domain test into the path used by the DSL so that
the error check benefits both sides. To make this possible we need to
be able to distinguish between equivalent swizzle components like x and
r, so they aren't collapsed down to the same component until the very
end.
Change-Id: I48f2582886391eabd7ce6eae949babdeead6051e
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/445280
Reviewed-by: John Stiles <johnstiles@google.com>
Reviewed-by: Brian Osman <brianosman@google.com>
Commit-Queue: Ethan Nicholas <ethannicholas@google.com>
Previously, deeply-nested loops could lead to stack overflow during SkVM
dead-code elimination. The DCE algorithm in SkVM now stores its worklist
on the heap and does not rely on recursion. Since we now enforce an
upper bound on maximum program size within SkSL, this worklist's size
should always be reasonable and bounded.
Change-Id: I8b7955298b2540a9f600fc5d94d3bc804c68632c
Bug: skia:12396, oss-fuzz:37827, oss-fuzz:37837
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/445597
Reviewed-by: Brian Osman <brianosman@google.com>
Commit-Queue: Brian Osman <brianosman@google.com>
Auto-Submit: John Stiles <johnstiles@google.com>
Our program-size analysis pass needs to recurse into called functions;
depending on the exact order of functions in the program, this recursion
can hypothetically be as deep as the deepest function-call chain. Set an
upper bound on recursion here, so we don't overflow the stack while
trying to check the program size. In practice, 50 frames is far deeper
than a regular shader should ever go.
Change-Id: I733ee48dad6f8053facdfd9f6d8a2b9b2a4af188
Bug: skia:12396
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/445279
Reviewed-by: Brian Osman <brianosman@google.com>
Commit-Queue: John Stiles <johnstiles@google.com>
Auto-Submit: John Stiles <johnstiles@google.com>
This allows us to remove the static-recursion analysis pass entirely,
while still providing the same results.
Change-Id: If1564cd4df55be86ca4e0bf53ecc094ba76007df
Bug: skia:12396
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/445296
Commit-Queue: John Stiles <johnstiles@google.com>
Auto-Submit: John Stiles <johnstiles@google.com>
Reviewed-by: Brian Osman <brianosman@google.com>
The fuzzer is currently learning to make unboundedly-large programs by
nesting medium-size loops repeatedly. SkVM doesn't have a mechanism to
limit the ensuing explosion of code and ends up making unreasonably deep
stacks and/or unreasonably large programs.
SkSL now enforces an upper bound of approximately 100,000 IR nodes on a
fully-flattened, fully-inlined strict-ES2 program. The limit is picked
out of thin air, but this should be enough to prevent SkVM from going
haywire while still being large enough to handle any reasonable program.
We can definitely tune this value if we find that it is too large
(admitting dangerous code) or too small (rejecting good code).
Change-Id: I11735636175721fbc79460b4e194d8e4b42dc47d
Bug: skia:12396, oss-fuzz:37827, oss-fuzz:37837
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/444358
Auto-Submit: John Stiles <johnstiles@google.com>
Commit-Queue: John Stiles <johnstiles@google.com>
Reviewed-by: Brian Osman <brianosman@google.com>
Change-Id: I06ba9dd9ed8af8555233ddfa10d3e0ec6babc2ea
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/444759
Commit-Queue: Brian Osman <brianosman@google.com>
Reviewed-by: John Stiles <johnstiles@google.com>
Most of the logic in IRGenerator::finish has moved to
Compiler::finalize. The @if/@switch pass has been combined with the pass
that verifies no dangling FunctionReference/TypeReference expressions,
saving one walk through the IR tree. Most program-finalization logic now
exists in Compiler and Analysis.
This change reorders our error generation logic slightly, and manages to
squeeze a few extra (valid) errors out of one of our fuzzer-generated
tests, but is not really intended to affect results in any significant
way.
Change-Id: I461de7c31f3980dedf74424e7826c032b1f40fd2
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/444757
Commit-Queue: John Stiles <johnstiles@google.com>
Commit-Queue: Ethan Nicholas <ethannicholas@google.com>
Auto-Submit: John Stiles <johnstiles@google.com>
Reviewed-by: Ethan Nicholas <ethannicholas@google.com>
The fuzzer discovered that, when we attempt to verify that an array
doesn't contain any literal values that are out-of-range for its base
type, we pay a linear-time cost based on the size of the array. This
happens even when the array value isn't known at compile time; we still
iterate over its slot count and diligently discover that every single
constant-subexpression slot in the expression is "null".
We now have a helper function on Expression,
`allowsConstantSubexpressions`, which only returns true for expression
kinds that can contain constant subexpressions. We use this helper to
skip over this linear-per-subexpression check when the expression
cannot possibly contain a constant subexpression. In particular,
`AnyConstructor::compareConstant` and `Type::checkForOutOfRangeLiteral`
will now early-out for expressions that can't possibly contain a
constant subexpression.
Change-Id: Ia34e422afa67b478a8616acb0a0e9cd211b29698
Bug: oss-fuzz:37900
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/444136
Commit-Queue: John Stiles <johnstiles@google.com>
Commit-Queue: Ethan Nicholas <ethannicholas@google.com>
Auto-Submit: John Stiles <johnstiles@google.com>
Reviewed-by: Ethan Nicholas <ethannicholas@google.com>
