Commit Graph

55 Commits

Author SHA1 Message Date
John Stiles
64c907c052 Mark private types as invalid in the public symbol table.
Previously, in public code, private types didn't exist anywhere in the
symbol table chain, and those names were free for the taking. Now, we
register them as invalid types in the public symbol table. This prevents
them from being used as variable names, and gives a more explicit error
if you try to use them as a type.

Change-Id: I9a943bf923639b72cbf36b1acf4b4fbe70982786
Bug: skia:12538
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/459119
Commit-Queue: John Stiles <johnstiles@google.com>
Commit-Queue: Brian Osman <brianosman@google.com>
Auto-Submit: John Stiles <johnstiles@google.com>
Reviewed-by: Brian Osman <brianosman@google.com>
2021-10-13 20:41:09 +00:00
John Stiles
ff5bb37b72 Replace illegal DSLTypes with Poison types.
The fuzzer has been poking various holes in DSL by intentionally
creating illegal types (e.g. private or not ES2-compatible), then
finding ways to use those types, e.g. constructors or swizzles.

Previously we were mitigating those by calling `reportIllegalTypes` at
the locations where the type was used. Now, we detect the illegal type
usage at the source, and return a poison DSLType. This prevents the
illegal type from leaking out at all, and stops the problem at its
source. It also allows us to remove calls to `reportIllegalTypes`
sprinkled through the code, as those are now redundant.

Change-Id: Id50b50f72849111d80f76e4fdc2cb6094d3009bd
Bug: oss-fuzz:39597
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/455999
Auto-Submit: John Stiles <johnstiles@google.com>
Commit-Queue: Brian Osman <brianosman@google.com>
Reviewed-by: Brian Osman <brianosman@google.com>
Reviewed-by: Ethan Nicholas <ethannicholas@google.com>
2021-10-06 00:12:07 +00:00
John Stiles
9efdc041bb Remove Type::containsPrivateFields.
`Type::isPrivate` now works properly even on structs and arrays, so we
don't need two separate methods anymore.

Change-Id: Ic3e16e1315ebb0c8cec575f109af7e472a11ac8c
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/455660
Commit-Queue: John Stiles <johnstiles@google.com>
Commit-Queue: Brian Osman <brianosman@google.com>
Auto-Submit: John Stiles <johnstiles@google.com>
Reviewed-by: Brian Osman <brianosman@google.com>
2021-10-04 19:08:51 +00:00
John Stiles
a106472197 Reland "Disallow constructors of ES3 types in ES2 code."
This is a reland of 36f53ec7e1

Original change's description:
> Disallow constructors of ES3 types in ES2 code.
>
> The fuzzer found that we constructed TypeReferences without first
> checking for disallowed types. (In fact, TypeReference creation had no
> error checking at all; it didn't even have Convert/Make functions.)
>
> Added proper Convert/Make to TypeReference, and used those calls to
> report errors or cause assertions if trying to make a TypeReference to a
> type that the program did not support.
>
> (While tracking down this bug, I added strict-ES2 type assertions to our
> constructor IR nodes as well. This helped pinpoint the error and seems
> reasonable to leave in, just in case.)
>
> Change-Id: I896b68ae9d3d9e1f30d7eba9fa594617ab851c74
> Bug: oss-fuzz:39540
> Reviewed-on: https://skia-review.googlesource.com/c/skia/+/455498
> Commit-Queue: John Stiles <johnstiles@google.com>
> Commit-Queue: Brian Osman <brianosman@google.com>
> Auto-Submit: John Stiles <johnstiles@google.com>
> Reviewed-by: Brian Osman <brianosman@google.com>

Bug: oss-fuzz:39540
Change-Id: Id8e323c22b18726214613b6061c08873048b7c69
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/455617
Auto-Submit: John Stiles <johnstiles@google.com>
Commit-Queue: John Stiles <johnstiles@google.com>
Reviewed-by: Ethan Nicholas <ethannicholas@google.com>
2021-10-04 17:51:00 +00:00
John Stiles
e03f1c101c Revert "Disallow constructors of ES3 types in ES2 code."
This reverts commit 36f53ec7e1.

Reason for revert: breaks DS3Types test

Original change's description:
> Disallow constructors of ES3 types in ES2 code.
>
> The fuzzer found that we constructed TypeReferences without first
> checking for disallowed types. (In fact, TypeReference creation had no
> error checking at all; it didn't even have Convert/Make functions.)
>
> Added proper Convert/Make to TypeReference, and used those calls to
> report errors or cause assertions if trying to make a TypeReference to a
> type that the program did not support.
>
> (While tracking down this bug, I added strict-ES2 type assertions to our
> constructor IR nodes as well. This helped pinpoint the error and seems
> reasonable to leave in, just in case.)
>
> Change-Id: I896b68ae9d3d9e1f30d7eba9fa594617ab851c74
> Bug: oss-fuzz:39540
> Reviewed-on: https://skia-review.googlesource.com/c/skia/+/455498
> Commit-Queue: John Stiles <johnstiles@google.com>
> Commit-Queue: Brian Osman <brianosman@google.com>
> Auto-Submit: John Stiles <johnstiles@google.com>
> Reviewed-by: Brian Osman <brianosman@google.com>

Bug: oss-fuzz:39540
Change-Id: I1dc3ccca477fcb9fe3f39cfe8af1fd54dcb18d6b
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/455616
Auto-Submit: John Stiles <johnstiles@google.com>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: John Stiles <johnstiles@google.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
2021-10-04 15:36:08 +00:00
John Stiles
36f53ec7e1 Disallow constructors of ES3 types in ES2 code.
The fuzzer found that we constructed TypeReferences without first
checking for disallowed types. (In fact, TypeReference creation had no
error checking at all; it didn't even have Convert/Make functions.)

Added proper Convert/Make to TypeReference, and used those calls to
report errors or cause assertions if trying to make a TypeReference to a
type that the program did not support.

(While tracking down this bug, I added strict-ES2 type assertions to our
constructor IR nodes as well. This helped pinpoint the error and seems
reasonable to leave in, just in case.)

Change-Id: I896b68ae9d3d9e1f30d7eba9fa594617ab851c74
Bug: oss-fuzz:39540
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/455498
Commit-Queue: John Stiles <johnstiles@google.com>
Commit-Queue: Brian Osman <brianosman@google.com>
Auto-Submit: John Stiles <johnstiles@google.com>
Reviewed-by: Brian Osman <brianosman@google.com>
2021-10-04 15:02:24 +00:00
John Stiles
8d2bd04df8 Add test for construction of non-ES2 types.
All of these lines are errors but most of them are currently not
detected by our strict-ES2 checks. This is fixed in a followup CL.

Change-Id: Ifeba9aba3ce3f1bddd1c701dfc4622505e424ea7
Bug: oss-fuzz:39540
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/455497
Commit-Queue: John Stiles <johnstiles@google.com>
Commit-Queue: Brian Osman <brianosman@google.com>
Auto-Submit: John Stiles <johnstiles@google.com>
Reviewed-by: Brian Osman <brianosman@google.com>
2021-10-04 15:02:21 +00:00
John Stiles
cb40008b43 Implement switch in SkVM.
SkVM implements switches as a pseudo-loop; breaks are handled with the
condition mask just like a for loop. Fallthrough is handled via a
scratch Value in a temporary slot. `writeStore` needed to be refactored
to support writing into slot(s) without an associated Variable.

At IR generation time, SwitchStatements are now emitted without error
even in strict-ES2 mode. The GLSL code generator currently reports these
as an error in strict-ES2 mode, but this will be fixed in a followup
coming shortly (the switch will be rewritten as ifs inside a one-shot
loop, similar to our IR-rewrite strategy).

Change-Id: I5507257246c42a35d2f46b4b9a89492a5ffeff9b
Bug: skia:12450
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/451421
Reviewed-by: Brian Osman <brianosman@google.com>
Commit-Queue: Brian Osman <brianosman@google.com>
Auto-Submit: John Stiles <johnstiles@google.com>
2021-09-23 19:58:55 +00:00
Ethan Nicholas
2280058446 Reenable DSLParser
Change-Id: I1819b2c40902611d7e86245bff73ad8c2bd7629c
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/449060
Commit-Queue: Ethan Nicholas <ethannicholas@google.com>
Reviewed-by: John Stiles <johnstiles@google.com>
2021-09-16 15:28:19 +00:00
John Stiles
a047e8bf4d Improve overflow checks in CheckProgramUnrolledSize.
The fuzzer discovered that it could overflow the program-size value.
Rewrote the logic to use SkSafeMath everywhere, and to early-exit as
soon as a statement manages to exceed the program size.

Change-Id: I01511b2201173c95ebc1ac602901410ac9d74d73
Bug: oss-fuzz:38697
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/449098
Reviewed-by: Brian Osman <brianosman@google.com>
Commit-Queue: Brian Osman <brianosman@google.com>
Auto-Submit: John Stiles <johnstiles@google.com>
2021-09-15 16:42:45 +00:00
John Stiles
78b84cc76a Fix size calculation of blockless for-loops.
Change-Id: Id6e1d1be276af01ce05777682dde8b58d803aedc
Bug: oss-fuzz:37837
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/449097
Commit-Queue: John Stiles <johnstiles@google.com>
Auto-Submit: John Stiles <johnstiles@google.com>
Reviewed-by: Brian Osman <brianosman@google.com>
2021-09-15 14:29:45 +00:00
John Stiles
857c7f9dc5 Add program-too-large test using for loops without blocks.
The fuzzer has discovered a bug in our program size-checking logic; for
loops that immediately contain another for loop (with no block) were not
counting the inner loop's iterations. This allowed it to exceed our
maximum program-size threshold (and time out during SkVM compilation).

This test demonstrates the issue. A followup will fix it.

Change-Id: I3b7d4c8a4f0ed04cf0aba3f1a32fdad7d6d784e7
Bug: oss-fuzz:37837
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/449096
Commit-Queue: John Stiles <johnstiles@google.com>
Commit-Queue: Brian Osman <brianosman@google.com>
Auto-Submit: John Stiles <johnstiles@google.com>
Reviewed-by: Brian Osman <brianosman@google.com>
Reviewed-by: Ethan Nicholas <ethannicholas@google.com>
2021-09-15 14:19:00 +00:00
Brian Osman
eae4ad9bc0 Remove SkSL sample() intrinsic for Skia object types
Bug: skia:12302
Change-Id: Ifc107ca2cf13c1daa59521b93fe4ad1d3c215258
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/447297
Reviewed-by: John Stiles <johnstiles@google.com>
Commit-Queue: Brian Osman <brianosman@google.com>
2021-09-14 14:18:03 +00:00
Ethan Nicholas
a2c76c77c4 Fixed illegal interface block reporting
DSL was improperly allowing interface blocks in runtime shaders, which
caused PipelineStageGenerator to get upset.

Bug: oss-fuzz:38131
Change-Id: I593e68f2cab3db9151d606e65e2826ffa9c494e2
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/446324
Commit-Queue: Ravi Mistry <rmistry@google.com>
Commit-Queue: Ethan Nicholas <ethannicholas@google.com>
Reviewed-by: Brian Osman <brianosman@google.com>
Reviewed-by: John Stiles <johnstiles@google.com>
2021-09-07 20:18:00 +00:00
John Stiles
ff6c5bf5ed Generate more diagnostics from IRGenerator, when given bad code.
Two minor changes:
- Converting a Block with bad statements will now generate a partial
  block instead of nullptr.

The change mirrors how DSL behaves; functions containing invalid
statements will now be created and added to the program. Previously, we
would discard a function definition with any invalid statements inside;
this prevented duplicate-function-definition errors from appearing.

- Converting a return with a bad expression will now generate a
  poisoned return instead of nullptr.

This change improves diagnostics for functions with invalid return
statements. If we eliminate the return statements (by returning null),
we report bad return statements as "function can exit without returning
a value" (which is confusing).

Change-Id: I6d998d5c50585f8d96bb7e3cb7f59b63125d6a62
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/446325
Commit-Queue: John Stiles <johnstiles@google.com>
Auto-Submit: John Stiles <johnstiles@google.com>
Reviewed-by: Ethan Nicholas <ethannicholas@google.com>
Reviewed-by: Brian Osman <brianosman@google.com>
2021-09-07 20:13:55 +00:00
John Stiles
106e0cd412 Increase GetLoopUnrollInfo loop-count limit to 100,000.
To do this with a clean conscience, I needed to convert the unroll-
counting logic from a linear time algorithm to constant-time. Getting
all the edge cases correct requires a lot of care, and there are now
plenty of unit tests.

Change-Id: I620909d069ac425b7310e345bf80ec844fe035f8
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/445643
Auto-Submit: John Stiles <johnstiles@google.com>
Reviewed-by: Brian Osman <brianosman@google.com>
Commit-Queue: John Stiles <johnstiles@google.com>
2021-09-07 19:28:08 +00:00
Brian Osman
0ad2d013b1 SkSL: Turn DSL parser off again
Several fuzzer issues, and one Chromium issue that's blocking the roll.

Bug: chromium:1246795
Bug: skia:12423
Change-Id: I00370b74569b447e543d9a1f22c588eb493063da
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/445960
Reviewed-by: John Stiles <johnstiles@google.com>
Commit-Queue: Brian Osman <brianosman@google.com>
Auto-Submit: Brian Osman <brianosman@google.com>
2021-09-07 14:21:57 +00:00
John Stiles
733fd74c29 Improve unit testing of for-loops.
An ES2-compatible for loop supports six separate rel-ops:
   < <= > >= != ==
Each rel-op, in addition to its expected usage, is also able to
represent a loop which never terminates, as well as a loop which
terminates instantly. Since SkVM unrolls these loops, we should make
sure we do it properly. We now have unit tests for all of these cases.

Change-Id: Icae04d48bc158bf8c0c98db97f76756a1a29110c
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/445756
Auto-Submit: John Stiles <johnstiles@google.com>
Reviewed-by: Brian Osman <brianosman@google.com>
Commit-Queue: John Stiles <johnstiles@google.com>
2021-09-07 14:11:04 +00:00
Ethan Nicholas
360db877be Fix line numbers of several DSLParser errors
Change-Id: I82e0d29fbcb5be93fe20a1fb442e2a429e6cab8e
Bug: skia:12411
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/445644
Reviewed-by: John Stiles <johnstiles@google.com>
Commit-Queue: John Stiles <johnstiles@google.com>
2021-09-03 22:12:22 +00:00
Ethan Nicholas
0ed278b42d Flip the switch to activate DSLParser
Change-Id: Id894eb70273454716eb33c85dff2056333e90cdd
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/445281
Reviewed-by: John Stiles <johnstiles@google.com>
Reviewed-by: Brian Osman <brianosman@google.com>
Commit-Queue: Ethan Nicholas <ethannicholas@google.com>
2021-09-03 19:07:17 +00:00
Brian Osman
33e0f9aa49 Remove SkSL shade/blend/filter intrinsics
Bug: skia:12302
Change-Id: I4ff394f1f9d93d2def19a9f9d49cb208651aff10
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/445639
Commit-Queue: Brian Osman <brianosman@google.com>
Reviewed-by: John Stiles <johnstiles@google.com>
2021-09-03 16:55:38 +00:00
Brian Osman
cbfa34a58c Convert internal SkSL to use .eval()
Also update RELEASE_NOTES to describe new syntax.

Change-Id: I2666551b98f80b61ae3a48c92a9e306cdc7242b0
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/444735
Commit-Queue: Brian Osman <brianosman@google.com>
Reviewed-by: John Stiles <johnstiles@google.com>
2021-09-03 15:54:54 +00:00
John Stiles
9d82e61c90 Only perform unrolled-size check on valid code.
This analysis pass assumes we have a program with a valid structure--all
loops must be ES2-compliant, and all function-calls must reference real
functions that exist. If we detected an error during compilation, our
program might not meet these criteria.

Change-Id: I4c7aefb3221438643614f1e0cbc2bad40b94b161
Bug: skia:12396
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/444982
Reviewed-by: Ethan Nicholas <ethannicholas@google.com>
Commit-Queue: Ethan Nicholas <ethannicholas@google.com>
Auto-Submit: John Stiles <johnstiles@google.com>
2021-09-03 15:51:11 +00:00
John Stiles
2af4b13925 Reject programs which exceed 50 stack frames during size analysis.
Our program-size analysis pass needs to recurse into called functions;
depending on the exact order of functions in the program, this recursion
can hypothetically be as deep as the deepest function-call chain. Set an
upper bound on recursion here, so we don't overflow the stack while
trying to check the program size. In practice, 50 frames is far deeper
than a regular shader should ever go.

Change-Id: I733ee48dad6f8053facdfd9f6d8a2b9b2a4af188
Bug: skia:12396
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/445279
Reviewed-by: Brian Osman <brianosman@google.com>
Commit-Queue: John Stiles <johnstiles@google.com>
Auto-Submit: John Stiles <johnstiles@google.com>
2021-09-03 02:41:34 +00:00
John Stiles
98ddea09f4 Report recursion from within CheckProgramUnrolledSize.
This allows us to remove the static-recursion analysis pass entirely,
while still providing the same results.

Change-Id: If1564cd4df55be86ca4e0bf53ecc094ba76007df
Bug: skia:12396
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/445296
Commit-Queue: John Stiles <johnstiles@google.com>
Auto-Submit: John Stiles <johnstiles@google.com>
Reviewed-by: Brian Osman <brianosman@google.com>
2021-09-02 19:32:23 +00:00
John Stiles
61e5e202a5 Enforce an upper bound on Runtime Effect program size.
The fuzzer is currently learning to make unboundedly-large programs by
nesting medium-size loops repeatedly. SkVM doesn't have a mechanism to
limit the ensuing explosion of code and ends up making unreasonably deep
stacks and/or unreasonably large programs.

SkSL now enforces an upper bound of approximately 100,000 IR nodes on a
fully-flattened, fully-inlined strict-ES2 program. The limit is picked
out of thin air, but this should be enough to prevent SkVM from going
haywire while still being large enough to handle any reasonable program.
We can definitely tune this value if we find that it is too large
(admitting dangerous code) or too small (rejecting good code).

Change-Id: I11735636175721fbc79460b4e194d8e4b42dc47d
Bug: skia:12396, oss-fuzz:37827, oss-fuzz:37837
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/444358
Auto-Submit: John Stiles <johnstiles@google.com>
Commit-Queue: John Stiles <johnstiles@google.com>
Reviewed-by: Brian Osman <brianosman@google.com>
2021-09-02 14:44:34 +00:00
John Stiles
2ecc595e86 Migrate program finalization logic out of IRGenerator.
Most of the logic in IRGenerator::finish has moved to
Compiler::finalize. The @if/@switch pass has been combined with the pass
that verifies no dangling FunctionReference/TypeReference expressions,
saving one walk through the IR tree. Most program-finalization logic now
exists in Compiler and Analysis.

This change reorders our error generation logic slightly, and manages to
squeeze a few extra (valid) errors out of one of our fuzzer-generated
tests, but is not really intended to affect results in any significant
way.

Change-Id: I461de7c31f3980dedf74424e7826c032b1f40fd2
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/444757
Commit-Queue: John Stiles <johnstiles@google.com>
Commit-Queue: Ethan Nicholas <ethannicholas@google.com>
Auto-Submit: John Stiles <johnstiles@google.com>
Reviewed-by: Ethan Nicholas <ethannicholas@google.com>
2021-09-01 19:40:53 +00:00
Brian Osman
f8a550491e SkSL: Use type-specific sampling intrinsics, rather than fn-call syntax
After further discussion, using intrinsics with signatures similar to
sample keeps us looking like GLSL. However, using "sample" is still
misleading, so this adds explicit "shade", "filter", and "blend"
intrinsics. After migrating clients, the "sample" versions will be
removed.

Bug: skia:12302
Change-Id: Ia03e4b3794fc1fc5ae3c3099a7a350343ec7702e
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/441457
Commit-Queue: Brian Osman <brianosman@google.com>
Reviewed-by: John Stiles <johnstiles@google.com>
Reviewed-by: Brian Salomon <bsalomon@google.com>
2021-08-24 18:18:46 +00:00
Brian Osman
b5282f0112 Migrate runtime effect sample tests to golden files
Much easier to maintain, especially with an upcoming change to the
sampling syntax.

Change-Id: I378811b7be0afcce5b7e68a942e7b46d96568155
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/441518
Commit-Queue: Brian Osman <brianosman@google.com>
Commit-Queue: John Stiles <johnstiles@google.com>
Auto-Submit: Brian Osman <brianosman@google.com>
Reviewed-by: John Stiles <johnstiles@google.com>
2021-08-24 15:19:44 +00:00
John Stiles
823c504999 Include non-ES2 numeric types in the root symbol table.
Previously, we hid non-ES2 numeric types from Runtime Effect code by
only including them in the private symbol table. Now, they are present
in the root symbol table, but marked with a new flag that identifies
them as disallowed in ES2.

The IR generator now enforces that strict-ES2 code doesn't contain types
that aren't allowed. This has two benefits:
- Intrinsic functions in sksl_public can now reference these types
- Error reporting is nicer

Change-Id: I32375de4efdcb57b74a8a1692fb2ee315a003336
Bug: skia:12348, skia:11115
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/439997
Auto-Submit: John Stiles <johnstiles@google.com>
Reviewed-by: Brian Osman <brianosman@google.com>
Commit-Queue: John Stiles <johnstiles@google.com>
2021-08-17 17:36:43 +00:00
John Stiles
059798f40e Test that Runtime Effects cannot use non-ES2 types.
Surprisingly, we didn't actually have a preexisting test covering this.
Error reporting is lackluster in this CL but will be improved in the
followup.

Change-Id: I0b1cdb5a82f066af6b9d3fd9c39748080c2e18c0
Bug: skia:12348
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/439996
Auto-Submit: John Stiles <johnstiles@google.com>
Commit-Queue: Brian Osman <brianosman@google.com>
Reviewed-by: Brian Osman <brianosman@google.com>
2021-08-17 15:10:02 +00:00
John Stiles
4e2494870d Allow derivatives in Runtime Effects when ES3 restrictions are off.
We can now add functions to sksl_public.sksl with an $es3 prefix. These
will be allowed in a Runtime Effect when strict-ES2 mode is disabled.
Note that the CPU backend still doesn't have support for these calls,
and will fail ungracefully (assertion, nonsense result) if these
intrinsics are used.

The testing here is limited, due to an unrelated bug in SPIR-V
(skia:12340)

Change-Id: I9c911bc2b77f5051e80844607e7fd08ad386ee56
Bug: skia:12202, skia:12340
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/439058
Commit-Queue: John Stiles <johnstiles@google.com>
Reviewed-by: Ethan Nicholas <ethannicholas@google.com>
2021-08-13 16:45:17 +00:00
John Stiles
e3f85e07fa Add improved regression test for oss-fuzz:36655.
Most of the code generated by the fuzzer is nonsense, but there is a
method to its madness. The crash is only triggered under specific
conditions:
- The runtime effect has enough helper functions to mostly fill up the
  call graph hash-map. It won't rehash until it gets close to capacity.
- There must be several calls to built-in functions, in order to add
  elements to the call graph to force a rehash.

The fuzzer-generated code manages to satisfy both these requirements.

Change-Id: I9a1d7535557fedd4e9bfece3930ac86ede291ffe
Bug: oss-fuzz:36655
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/437118
Auto-Submit: John Stiles <johnstiles@google.com>
Reviewed-by: Ethan Nicholas <ethannicholas@google.com>
Commit-Queue: John Stiles <johnstiles@google.com>
2021-08-06 13:03:32 +00:00
John Stiles
b806da4501 Honor lowp/mediump/highp precision qualifiers in IRGenerator.
This CL does not update the DSLParser to honor these precision
qualifiers; that will be done in a followup.

Change-Id: Ib629bc99c0e6c7afb550a381d4e3b6ccc26aa64e
Bug: skia:12248
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/436337
Commit-Queue: John Stiles <johnstiles@google.com>
Auto-Submit: John Stiles <johnstiles@google.com>
Reviewed-by: Ethan Nicholas <ethannicholas@google.com>
2021-08-04 21:29:10 +00:00
Brian Osman
7da0657fda Explicitly detect static recursion in SkSL
This relaxes our rules to allow calls to declared (but not yet defined)
functions. With that rule change, we have to specifically detect static
recursion and produce an error.

Bug: skia:12137
Change-Id: I39cc281fcd73fb30014bc7b43043552623727e03
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/431537
Reviewed-by: John Stiles <johnstiles@google.com>
Commit-Queue: Brian Osman <brianosman@google.com>
2021-07-24 00:01:15 +00:00
Brian Osman
fb212256ca Improve tests/comments, to prepare for calling functions before definition
Bug: skia:12137
Change-Id: I609dd2578bf39a30e036ea85281886f8c4554579
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/431038
Reviewed-by: Ethan Nicholas <ethannicholas@google.com>
Commit-Queue: Brian Osman <brianosman@google.com>
2021-07-22 13:19:39 +00:00
John Stiles
9c19b9f1ff Fix for fuzzer-discovered out-of-bounds array access.
Change-Id: I4280b5710dd8749ba766ba74d7a8886bc4e024bb
Bug: oss-fuzz:35124
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/417200
Reviewed-by: Brian Osman <brianosman@google.com>
Commit-Queue: Brian Osman <brianosman@google.com>
Commit-Queue: John Stiles <johnstiles@google.com>
Auto-Submit: John Stiles <johnstiles@google.com>
2021-06-10 14:32:10 +00:00
John Stiles
f7f36ae077 Add ProgramKind::kRuntimeBlend for Runtime Blend functions.
Runtime Blend effects always take two input colors--source and
destination--instead of one. This CL adds a new ProgramKind for blend
effects, a new program module (empty for now), and adds a test to
confirm that the signature for blend functions is checked. Currently
these are only accessible via skslc; there's no Runtime Effect API to
create one and the dest color isn't hooked up to anything.

Change-Id: I5272a811d2d76b878cfdf3429efa78c9c8b3fd97
Bug: skia:12080
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/416798
Auto-Submit: John Stiles <johnstiles@google.com>
Commit-Queue: Brian Osman <brianosman@google.com>
Reviewed-by: Brian Osman <brianosman@google.com>
2021-06-08 19:34:39 +00:00
John Stiles
edac7716aa Evaluate single-argument generic intrinsics at compile time.
In particular, this optimizes abs() and sign() when all inputs are known
at compile time. This resolves a TODO on a test case in
`IllegalIndexing.rts`.

Change-Id: Ica310522a85b42dc7ae255bd25004a6629d04176
Bug: skia:10835
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/405676
Auto-Submit: John Stiles <johnstiles@google.com>
Commit-Queue: John Stiles <johnstiles@google.com>
Reviewed-by: Ethan Nicholas <ethannicholas@google.com>
2021-05-10 14:50:50 +00:00
Brian Osman
552fcb9a1b Remove flexible runtime effects entirely
All internal usage has migrated to MakeFor..., this removes the old
program kind, and updates some tests.

Bug: skia:11813
Change-Id: I56733b071270e1ae3fab5d851e23acf6c02e3361
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/402536
Commit-Queue: Brian Osman <brianosman@google.com>
Reviewed-by: John Stiles <johnstiles@google.com>
2021-04-29 16:02:27 +00:00
Brian Osman
8f1dff6a9e Remove layout(marker) from runtime effect SkSL
This is another strange, experimental feature that clutters the
implementation and isn't used by anyone (to my knowledge).

Change-Id: I538b7eca0cd28aab32f4739b23459731ade9105e
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/398226
Commit-Queue: John Stiles <johnstiles@google.com>
Reviewed-by: John Stiles <johnstiles@google.com>
2021-04-19 18:48:45 +00:00
Brian Osman
cbb60bd0b0 Add runtime color filter and shader modes to the SkSL compiler
These enforce stricter rules about the signature of main, and each one
uses a separate pre-include module. That prevents color filters from
being able to reference sk_FragCoord (or coords passed to main) at all.
It also limits the versions of sample() that are exposed.

In the new world, an effect created for a specific stage of the Skia
pipeline can only be used to create instances of that stage (SkShader or
SkColorFilter). For now, SkRuntimeEffect::Make uses kRuntimeEffect,
which continues to be more lenient and allow creation of either shaders
or color filters from a single effect. After we migrate all clients, we
can deprecate and then delete that mode.

Bug: skia:11813
Change-Id: I0afd79a72beeec84da42c86146e8fcd8d0e4c09f
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/395716
Reviewed-by: John Stiles <johnstiles@google.com>
Commit-Queue: Brian Osman <brianosman@google.com>
2021-04-15 13:30:59 +00:00
Brian Osman
5c62582874 Require that runtime effect child variables are 'uniform'
Bug: skia:11374
Change-Id: I63d605eabbe514a0469d00d8a671969874f3edd4
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/393081
Reviewed-by: John Stiles <johnstiles@google.com>
Commit-Queue: Brian Osman <brianosman@google.com>
2021-04-07 13:16:28 +00:00
Brian Osman
601abfacc7 Move 'shader' usage tests to an SkSL golden file
Also adds tests of non-uniform shader declarations. These are currently
allowed, but will be detected as an error in the next CL.

Bug: skia:11374
Change-Id: I3fee0a0c97ae590f7bc6952cb367f7e94436b891
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/393080
Reviewed-by: John Stiles <johnstiles@google.com>
Commit-Queue: Brian Osman <brianosman@google.com>
2021-04-06 19:20:16 +00:00
Brian Osman
14d0096f1d Make 'shader' and 'colorFilter' first class types in SkSL
No functional change yet, but fragmentProcessor is no longer allowed in
runtime effect SkSL (and errors about 'shader' variables will no longer
refer to 'fragmentProcessor').

Bug: skia:11813
Change-Id: I5161f9adbe79090ec31ed3faf7dcef0e290842b7
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/392440
Commit-Queue: Brian Osman <brianosman@google.com>
Reviewed-by: John Stiles <johnstiles@google.com>
2021-04-05 14:55:46 +00:00
Brian Osman
1f56479d6e Add test using 'fragmentProcessor' in runtime effects
Allowed today, will soon be an error.

Bug: skia:11813
Change-Id: I5c13de7657fa85f13fa6d80e1d890225d8a3e868
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/392439
Reviewed-by: John Stiles <johnstiles@google.com>
Commit-Queue: Brian Osman <brianosman@google.com>
2021-04-05 14:02:16 +00:00
John Stiles
8f440b4e1e Optimize away no-op arithmetic in ConstantFolder.
Expressions like `x * 1`, `x *= 1`, `x + 0`, `x * 0`, or `0 / x` don't
actually do anything, and can be simplified to just `x` or `0`. (The
zero case must also check that `x` doesn't have side effects, because
`0 * myFunction()` still needs to call `myFunction`.)

`0 - x` is also detected and rewritten as `-x`.
`0 / 0` is left as-is.

This logic works for scalars and vectors; matrices are left as-is.

A similar optimization also occurs in the constant-propagation pass, so
we see almost no diffs in the tests. If control-flow analysis is turned
off, we do see some improvements. (I didn't reuse the existing code at
all, since it was designed around rewriting the CFG tree, but the
concept was identical.)

Change-Id: Ia99cd81f1d4cd3dafaa43ccac6a2261e3257a185
Bug: skia:11343
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/380356
Reviewed-by: Brian Osman <brianosman@google.com>
Commit-Queue: John Stiles <johnstiles@google.com>
Auto-Submit: John Stiles <johnstiles@google.com>
2021-03-06 01:33:35 +00:00
Brian Osman
7b361499c9 Align SkSL const rules more closely with GLSL
This adds Analysis::IsConstantExpression, to determine if an expression
is a constant-expression. It now expands to cover 'const' local and
global variables, because we also enforce that the initializer on those
variables is - in turn - a constant expression.

This fixes 10837 - previously you could initialize a const variable with
a non-constant expression, and we'd emit GLSL that contained that same
pattern, which would fail to compile at the driver level. That should
not be possible any longer.

Bug: skia:10679
Bug: skia:10837
Change-Id: I517820ef4da57fff45768c0b04c55aebc18d3272
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/375856
Reviewed-by: John Stiles <johnstiles@google.com>
Commit-Queue: Brian Osman <brianosman@google.com>
2021-02-26 17:44:11 +00:00
Brian Osman
6e2dccb979 Runtime Effects: Disallow all operators on arrays or arrays-in-structs
None of these are legal in GLSL ES 1.0. Added a new test that previously
compiled without error. Started out with just assignment and equality,
then realized that sequence and ternary should be blocked, too.

Bug: skia:11323
Change-Id: I02691f819565afabeadbb12cab6c07acf40093f7
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/370880
Commit-Queue: Brian Osman <brianosman@google.com>
Reviewed-by: John Stiles <johnstiles@google.com>
2021-02-17 18:05:04 +00:00
John Stiles
e609598fe6 Reject array-typed vardecls and array ctors in strict ES2 mode.
This is enforced by ANGLE in Strict ES2 mode; we need to enforce it as
well.

Change-Id: I6e2f547ad8e0ce817742cf84659764cf6bce38b9
Bug: skia:11270
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/366339
Commit-Queue: John Stiles <johnstiles@google.com>
Commit-Queue: Brian Osman <brianosman@google.com>
Auto-Submit: John Stiles <johnstiles@google.com>
Reviewed-by: Brian Osman <brianosman@google.com>
2021-02-04 19:36:50 +00:00