Previously, we used a fixed portion of the fuzzer input for uniform
data, and assumed zero children. Now we synthesize uniform and child
inputs based on the needs of the input shader. We no longer need to
reserve the last 256 bytes of each shader for uniform data; a followup
CL will remove the special corpus that this fuzzer used.
The contents of each uniform/child is not particularly important, since
we don't care what the final paint looks like. Each uniform is filled in
with increasing values in each slot, starting at zero (0, 1, 2, 3, ...).
Each child is a simple built-in shader/filter/blender.
(Fuzzer corpus change: https://github.com/google/oss-fuzz/pull/7266 )
Change-Id: Idc8bfcb17c10a470ef35fafc1789b915495e1d67
Bug: skia:12781
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/507924
Reviewed-by: Arman Uguray <armansito@google.com>
Commit-Queue: John Stiles <johnstiles@google.com>
Auto-Submit: John Stiles <johnstiles@google.com>
Bug: skia:12643
Change-Id: I37e1718a20283dfb814c85260257d57bac2b7b34
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/506211
Reviewed-by: John Stiles <johnstiles@google.com>
Commit-Queue: Brian Osman <brianosman@google.com>
Auto-Submit: Brian Osman <brianosman@google.com>
New entry point that does stricter checking on SkSL validity.
Bug: skia:11813
Change-Id: Icc8501c108af278e2fe1029859a552ea6ab6eb08
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/401056
Reviewed-by: Kevin Lubick <kjlubick@google.com>
Commit-Queue: Brian Osman <brianosman@google.com>
Previously, the act of painting a Runtime Effect was causing its helper
functions to get inlined, even if inlining was disabled during the
initial SkSL generation. This meant that the "NoInline" path was not
actually very effective.
Change-Id: If8e3933be61df4a49d2e11d916d7fff22876315e
Bug: skia:11362
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/388099
Commit-Queue: John Stiles <johnstiles@google.com>
Auto-Submit: John Stiles <johnstiles@google.com>
Reviewed-by: Ethan Nicholas <ethannicholas@google.com>
Change-Id: I7be9a95bc190760245966c36ed088afd68108a5f
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/371316
Auto-Submit: Brian Osman <brianosman@google.com>
Reviewed-by: Mike Klein <mtklein@google.com>
Commit-Queue: Brian Osman <brianosman@google.com>
This allows us to control the inline threshold of runtime effects in a
thread-safe way.
The new Make API now returns a struct, for readability; the old Make API
continues to return a tuple.
The old Make function is deprecated and subject to removal. You can
migrate to the new API by passing a default-constructed Options struct.
In this case there will be no difference in behavior.
Change-Id: Ic62d6f294f596d0a61095e35a87ccdbbe0b1cf93
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/363785
Reviewed-by: Brian Salomon <bsalomon@google.com>
Reviewed-by: Brian Osman <brianosman@google.com>
Commit-Queue: John Stiles <johnstiles@google.com>
We had several defines around the code base that were not
very descriptive. Additionally, we had a patch of extra
runtime restrictions living in oss-fuzz that were applied
when fuzzing over there for some fuzzers.
This has all be consolidated and controlled via the defines
documented in site/dev/testing/fuzz.md
As such, we can remove one of the patches that is in oss-fuzz,
taking us closer to being able to fuzz in the CI/CQ.
PS 1 renames existing fuzz defines to the new schema.
PS 2-3 backports skia.diff from oss-fuzz and changes those
definitions to have the _GREATLY modifier.
PS 5+ further condenses the defines so that there is one
define for gating the runtime checks.
Change-Id: Ia4ad96f30c1e9620a2123b510e97c6f501a2e257
Docs-Preview: https://skia.org/?cl=316443
Bug: skia:10713
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/316443
Commit-Queue: Kevin Lubick <kjlubick@google.com>
Reviewed-by: Mike Klein <mtklein@google.com>
Keep the same default value, but add a (private) API to change it when
compiling SkRuntimeEffect code.
Use the new API to improve fuzzer coverage, by fuzzing with inlining
disabled and (enthusiastically) enabled.
This reverts commit 3e8fae7193, reworked
to avoid the static initializer.
Change-Id: I7e6cd39d4af2daa4b1be41f1c7d99f32df7a51ab
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/309664
Reviewed-by: Brian Osman <brianosman@google.com>
Commit-Queue: Brian Osman <brianosman@google.com>
Runtime effects previously allowed two kinds of global input variables:
'in' variables could be bool, int, or float. 'uniform' could be float,
vector, or matrix. Uniform variables worked like you'd expect, but 'in'
variables were baked into the program statically. There was a large
amount of machinery to make this work, and it meant that 'in' variables
needed to have values before we could make decisions about program
caching, and before we could catch some errors. It was also essentially
syntactic sugar over the client just inserting the value into their SkSL
as a string. Finally: No one was using the feature.
To simplify the mental model, and make the API much more predictable,
this CL removes 'in' variables entirely. We no longer need to
"specialize" runtime effect programs, which means we can catch more
errors up front (those not detected until optimization). All of the API
that referred to "inputs" (the previous term that unified 'in' and
'uniform') now just refers to "uniforms".
Bug: skia:10593
Change-Id: I971f620d868b259e652b3114f0b497c2620f4b0c
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/309050
Commit-Queue: Brian Osman <brianosman@google.com>
Reviewed-by: Brian Salomon <bsalomon@google.com>
Reviewed-by: John Stiles <johnstiles@google.com>
This reverts commit ad3db40d78.
Reason for revert: Chrome doesn't like static initializers.
Original change's description:
> Add inline threshold to SkSL::Program::Settings
>
> Keep the same default value, but add a (private) API to change it when
> compiling SkRuntimeEffect code.
>
> Use the new API to improve fuzzer coverage, by fuzzing with inlining
> disabled and (enthusiastically) enabled.
>
> Change-Id: I36424bac95144aeb727cfb949754fbe998d5d7de
> Reviewed-on: https://skia-review.googlesource.com/c/skia/+/308181
> Commit-Queue: Brian Osman <brianosman@google.com>
> Reviewed-by: Kevin Lubick <kjlubick@google.com>
> Reviewed-by: Ethan Nicholas <ethannicholas@google.com>
TBR=kjlubick@google.com,brianosman@google.com,ethannicholas@google.com
Change-Id: Ic233203f3728a7285a1958c53567d915e56023af
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/308757
Reviewed-by: Brian Osman <brianosman@google.com>
Commit-Queue: Brian Osman <brianosman@google.com>
Keep the same default value, but add a (private) API to change it when
compiling SkRuntimeEffect code.
Use the new API to improve fuzzer coverage, by fuzzing with inlining
disabled and (enthusiastically) enabled.
Change-Id: I36424bac95144aeb727cfb949754fbe998d5d7de
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/308181
Commit-Queue: Brian Osman <brianosman@google.com>
Reviewed-by: Kevin Lubick <kjlubick@google.com>
Reviewed-by: Ethan Nicholas <ethannicholas@google.com>
The major improvement is that now the fuzzer is able to execute
the sksl code (before it just compiled it). The fuzzer will
reserve 256 bytes for providing uniforms to the shader;
meanwhile, the fuzzer will read the remaining bytes as sksl code
to create SkRuntimeEffect. It then creates a shader and executes
it by painting the shader on a canvas.
The code was tested locally with afl-fuzz, and the execution
speed was around 700/sec.
An alternative implementation would have been using Fuzz.h to
read bytes; I decided to go with sk_sp<SkData> since it has a
comparable format to other binary fuzzer and meets all the
functionality in this fuzzer.
For future changes, there are 2 important improvements to the
implementation:
1) Current shader does not have children shaders; thus,
makeShader() will fail if the SkSL ever tries to use an 'in shader'.
As pointed out in patchset 11, after creating the runtime effect,
effect->children().count() will tell you how many children it's
expecting (how many 'in shader' variables were declared). When you
call makeShader(), the second and third arguments are a
(C-style) array of shader pointers, and
a count (which must match children().count()).
Some helpful examples can be SkRTShader::CreateProc in
SkRuntimeEffect.cpp, make_fuzz_shader in FuzzCanvas.cpp.
2)
In this fuzzer, after creating the paint from a shader, the paint
can be drawn on either GPU canvas or CPU, so a possible way is to
use SkSurface::MakeRenderTarget to create GPU canvas and use a byte
to determine which canvas it will be drawn on.
Change-Id: Ib0385edd0f5ec2f23744aa517135a6955c53ba38
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/300618
Commit-Queue: Zepeng Hu <zepenghu@google.com>
Reviewed-by: Brian Osman <brianosman@google.com>
Reviewed-by: Kevin Lubick <kjlubick@google.com>