Commit Graph

88 Commits

Author SHA1 Message Date
John Stiles
9ea48e3965 Disallow multi-dimensional arrays in SkSL.
GLSL only allows one-dimensional arrays. This CL lowers SkSL's array
dimensionality limit from eight to one, and fixes all the tests that
this breaks. The rest of the code still technically supports
arbitrarily-deep array dimensionality; there are many opportunities for
code cleanup and simplification in followup CLs.

Change-Id: I0fc31e4626649ec69d40c5f5597b3924de298df0
Bug: skia:11026
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/340339
Commit-Queue: John Stiles <johnstiles@google.com>
Reviewed-by: Ethan Nicholas <ethannicholas@google.com>
Auto-Submit: John Stiles <johnstiles@google.com>
2020-12-03 16:28:19 +00:00
John Stiles
076e9a2f34 Disallow returning array types in SkSL.
This is illegal in older versions of GLSL and in Metal. We now fail at
SkSL compilation time and properly report the error.

Change-Id: I6ddaeabff5386a1ed6ca3eb8703a6035476ec77a
Bug: skia:11021
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/339298
Commit-Queue: John Stiles <johnstiles@google.com>
Reviewed-by: Brian Osman <brianosman@google.com>
Auto-Submit: John Stiles <johnstiles@google.com>
2020-12-03 16:27:39 +00:00
John Stiles
6bef6a7858 Fix flipped array dimensions in SkSL.
The proper approach for creating multi-dimensional array types is
complicated, so I added a function in SymbolTable which does it the
right way (addArrayDimensions). I found all the places in SkSL which
created arrays from base types and size arrays, and refactored them to
call addArrayDimensions instead of doing it manually.

I believe that this approach fixes a bunch of minor issues with multi-
dimensional array types; some are visible in the current codegen output,
and others are latent bugs. e.g. in some instances, a Variable's type()
was silently holding flipped array dimensions, but this never led to
a visible bug because we ended up using the VarDeclaration's baseType()
plus sizes() everywhere that the type was used. (In particular, this
caused debugging headaches in http://review.skia.org/340137 where I'd
use a Variable's type and suddenly its array dimensions would be wrong.)

Change-Id: Idd6a86aa5d1dce8918d02a53bcc2f7d7886e3ac5
Bug: skia:11016, skia:10924
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/339860
Commit-Queue: John Stiles <johnstiles@google.com>
Reviewed-by: Brian Osman <brianosman@google.com>
Auto-Submit: John Stiles <johnstiles@google.com>
2020-12-02 20:07:57 +00:00
John Stiles
986c7fb8ca Fix codegen errors with Metal return statements.
The Metal return type from main() diverges from the SkSL source, so we
patch it in the Metal code generator. This CL improves the patching
process in multiple ways:

- A `return` statement from a fragment processor main() is rewritten to:
    return *_out;

- A `return` statement from a vertex processor main() is rewritten to:
    return (_out->sk_Position.y = -_out->sk_Position.y, *_out);

- We avoid emitting a duplicate `return *_out;` statement if we can
  determine that main() already ends in a return statement. This is
  harmless either way so it doesn't necessarily catch everything. (e.g.
  it doesn't detect an if/else which returns at the end of both blocks.)

Also added a unit test which returns from the middle of a vertex shader,
since we didn't test this anywhere and we need to verify that
sk_Position.y will be negated. (This didn't work properly before.)

Change-Id: I14cf18375894fc712fa6c6466df3888ebaeba7c8
Bug: skia:10903
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/339636
Reviewed-by: Ethan Nicholas <ethannicholas@google.com>
Commit-Queue: John Stiles <johnstiles@google.com>
Auto-Submit: John Stiles <johnstiles@google.com>
2020-12-01 21:28:05 +00:00
John Stiles
842b3599c8 Enforce layout(location=...) on Metal out variables.
Previously, this would generate invalid code such as `[[user(locn-1)]]`.
We now generate a more-useful error at SkSL compilation time.

Change-Id: Ifbe335ec6d4abcbdfe89b892ba51063c94d22b11
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/339397
Auto-Submit: John Stiles <johnstiles@google.com>
Commit-Queue: Ethan Nicholas <ethannicholas@google.com>
Reviewed-by: Ethan Nicholas <ethannicholas@google.com>
2020-12-01 20:41:15 +00:00
John Stiles
7bd7033072 Disallow global variables containing arrays of opaque types.
GLSL only supports arrays of samplers in very limited ways; they aren't
supported at all by SkSL. We now detect arrays of opaque objects and
reject the code.

We have several paths through the IR generator that create and process
array types; the unit test covers global and local variables, and array
on the type versus array on the variable.

Change-Id: I5b45e88e31cf4005723c3bf35561622d65321f7b
Bug: skia:11008
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/339317
Commit-Queue: Brian Osman <brianosman@google.com>
Reviewed-by: Brian Osman <brianosman@google.com>
Auto-Submit: John Stiles <johnstiles@google.com>
2020-12-01 20:04:14 +00:00
John Stiles
5b589fd273 Add test for returning arrays from functions.
Just filling in a gap in our tests. The output is a little strange as it
exposes a missed opportunity to constant-fold array accesses, but it
seems fine otherwise.

Change-Id: I6df13e0f9a49455015ceb47d7802bb5e1bbdaa1a
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/339217
Commit-Queue: John Stiles <johnstiles@google.com>
Commit-Queue: Brian Osman <brianosman@google.com>
Reviewed-by: Brian Osman <brianosman@google.com>
Auto-Submit: John Stiles <johnstiles@google.com>
2020-11-30 19:38:05 +00:00
John Stiles
d7cc093f1f Fix ASAN error when inlining array constructor expressions.
Constructors such as `float[2](0, 0)` add a type to the symbol table;
this type needs to be copied into the new symbol table if the
constructor is cloned by the inliner.

Change-Id: Ifa8d2dec87103c6223ce493e2201a904c14c2137
Bug: oss-fuzz:28050
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/339168
Auto-Submit: John Stiles <johnstiles@google.com>
Commit-Queue: Brian Osman <brianosman@google.com>
Reviewed-by: Brian Osman <brianosman@google.com>
2020-11-30 18:37:05 +00:00
John Stiles
fd41d878b1 Fix SPIR-V and Metal support for enum types.
SPIR-V previously didn't know what to think when it encountered a Type
with a typeKind of kEnum, and would abort. These are now treated as
32-bit signed integers.

Metal previously emitted the SkSL enum typename, which is meaningless to
Metal since we do not emit the enum itself anywhere. Metal now emits
"int" for an enum-typed variable.

(GLSL already correctly emits "int" for enum types.)

Change-Id: I05975a2a399f9c4a22c00c90be0dccacd99d793b
Bug: skia:11003
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/338856
Auto-Submit: John Stiles <johnstiles@google.com>
Reviewed-by: Brian Osman <brianosman@google.com>
Commit-Queue: John Stiles <johnstiles@google.com>
2020-11-30 18:05:48 +00:00
John Stiles
21f5f450a4 Fix SPIR-V compilation error with arrays of samplers.
This CL addresses the root cause of the fuzzer issue, by checking for
LayoutIsSupported before getting the MemoryLayout of a type. However,
this array ought to be detected as an error everywhere, as samplers are
opaque types; at present, this code compiles without error in GLSL and
Metal. This is an issue for followup CLs.

GLSL's actual support for arrays of samplers is interesting and probably
too nuanced for us to try to emulate:

https://www.khronos.org/opengl/wiki/Data_Type_(GLSL)#Opaque_arrays

"Under GLSL version 3.30, Sampler arrays (the only opaque type 3.30
provides) can be declared, but they can only be accessed by compile-time
integral Constant Expressions. So you cannot loop over an array of
samplers, no matter what the array initializer, offset and comparison
expressions are.

Under GLSL 4.00 and above, array indices leading to an opaque value can
be accessed by non-compile-time constants, but these index values must
be dynamically uniform. The value of those indices must be the same
value, in the same execution order, regardless of any non-uniform
parameter values, for all shader invocations in the invocation group."

Change-Id: Ib382f5c3b563f996b3c8f1eb6b021b6d31fa9ce7
Bug: oss-fuzz:28107
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/339159
Commit-Queue: John Stiles <johnstiles@google.com>
Reviewed-by: Brian Osman <brianosman@google.com>
Auto-Submit: John Stiles <johnstiles@google.com>
2020-11-30 17:28:14 +00:00
John Stiles
ade695ea4a Add unit test for function dead-stripping.
This test verifies that dead-stripping works on both built-in and user
functions, if their function call is optimized away.

Change-Id: I3125a34640c69de43c383343cd00d97e5a32ac60
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/338836
Auto-Submit: John Stiles <johnstiles@google.com>
Reviewed-by: Brian Osman <brianosman@google.com>
Commit-Queue: Brian Osman <brianosman@google.com>
2020-11-30 15:16:44 +00:00
John Stiles
712fd6bbb9 Add support for enums in Metal code generator.
Enums are an SkSL-only concept--when we output code, we emit plain
IntLiterals--so the fix is simply to ignore the Enum program element
when we encounter it. This is what GLSLCodeGen does as well.

Also added a unit test to confirm that enums work normally, and that
enums are subject to optimization and static-comparison checks just as
ints would be.

Change-Id: Ic4f8da7a27983add9eb41b936d46f6638d22bd4b
Bug: skia:11003
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/338800
Reviewed-by: Ethan Nicholas <ethannicholas@google.com>
Reviewed-by: Brian Osman <brianosman@google.com>
Commit-Queue: Ethan Nicholas <ethannicholas@google.com>
Auto-Submit: John Stiles <johnstiles@google.com>
2020-11-30 15:14:34 +00:00
John Stiles
ba067aa72b Migrate dedicated SPIR-V tests to golden outputs.
There were a surprisingly small number of dedicated SPIR-V tests.
SkSLSPIRVBadOffset was the only test that didn't already exist in the
golden outputs, although it actually contained two tests.

The SPIRVTest.cpp file has been converted to SPIRVTestbed.cpp, which can
be used for local debugging of SPIR-V issues via dm (like GLSLTestbed
and MetalTestbed).

Change-Id: I978d8a7cf5735af7f537113d2b9411ce42cfcf88
Bug: skia:10694
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/338756
Auto-Submit: John Stiles <johnstiles@google.com>
Commit-Queue: Ethan Nicholas <ethannicholas@google.com>
Reviewed-by: Ethan Nicholas <ethannicholas@google.com>
2020-11-30 15:05:54 +00:00
John Stiles
d8ca6b608e Replace SPIR-V assertion with mixed-types error message.
This is very unlikely to occur in real-world code, as it's somewhat
nonsense to use the comma operator in this way. However, it's better to
fail cleanly than to assert.

Change-Id: I76481cd8a993cb1a798ee16956400a512efd4c15
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/337636
Reviewed-by: Ethan Nicholas <ethannicholas@google.com>
Commit-Queue: Ethan Nicholas <ethannicholas@google.com>
Auto-Submit: John Stiles <johnstiles@google.com>
2020-11-25 15:13:27 +00:00
Brian Osman
46787d5d7e SkSL: Add test for scalar versions of geometric intrinsics
Fix code generation for Metal and Vulkan with geometric
intrinsics that have scalar versions in GLSL/SkSL, but no
native support in MSL/SPIR-V.

Change-Id: Id4538a00172e0d233ad9d5ed8d33db6436b83208
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/338276
Commit-Queue: Brian Osman <brianosman@google.com>
Reviewed-by: John Stiles <johnstiles@google.com>
2020-11-24 20:38:20 +00:00
John Stiles
bc75ebb1af Fix crash with boolean vectors in is_constant<T>.
Previously, we assumed that if a vector in `is_constant` was not made of
floats, it must be made of integers. This ignores that boolean vectors
also exist. The original code would abort when `getIVecComponent` was
called on a bool vector.

There is another bug here--arithmetic operators on bool types should be
disallowed entirely. That will be addressed in later CLs.

Change-Id: I78781d839abde9376917fd92f2fe6311a1a58b02
Bug: oss-fuzz:27808
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/338055
Auto-Submit: John Stiles <johnstiles@google.com>
Commit-Queue: Brian Osman <brianosman@google.com>
Reviewed-by: Brian Osman <brianosman@google.com>
2020-11-24 18:21:46 +00:00
John Stiles
931da26522 Add unit test demonstrating output from Gaussian blur.
Change-Id: I1be21b428939d17bbf3a9347a64db56c7cd69eb4
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/337638
Commit-Queue: John Stiles <johnstiles@google.com>
Commit-Queue: Brian Osman <brianosman@google.com>
Auto-Submit: John Stiles <johnstiles@google.com>
Reviewed-by: Brian Osman <brianosman@google.com>
2020-11-23 20:46:54 +00:00
John Stiles
21a59d650d Fix double-negation of constant-value construcors.
Previously, the code which calculated Constructor constant values
assumed that a constant-value PrefixExpression would always have an
operand of Constructor. It turns out that another valid case is multiple
PrefixExpressions nested within each other (representing repeated
negation). Updated the code to work regardless of the type of the prefix
operand.

Change-Id: Ic9bf54725ae59330ac817bc4ec7a64def384ab54
Bug: oss-fuzz:27663
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/337177
Auto-Submit: John Stiles <johnstiles@google.com>
Commit-Queue: Brian Osman <brianosman@google.com>
Reviewed-by: Brian Osman <brianosman@google.com>
2020-11-23 17:02:21 +00:00
John Stiles
dda1d31623 Enable SPIR-V disassembly output from skslc.
We now have SPIR-V golden outputs for `blend` and `shared` tests.
This exposes a handful of SPIR-V limitations for us to address.

Change-Id: Ie5278889b8a61432403d06231b17765885bee0ac
Bug: skia:10694
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/337182
Commit-Queue: John Stiles <johnstiles@google.com>
Commit-Queue: Brian Osman <brianosman@google.com>
Auto-Submit: John Stiles <johnstiles@google.com>
Reviewed-by: Brian Osman <brianosman@google.com>
2020-11-20 22:54:26 +00:00
John Stiles
8c58899371 Fix fuzzer crash when casting between int and float.
The fix submitted at http://review.skia.org/335868 did not support
casts. The fuzzer discovered this shortcoming right away.

Change-Id: I2f5166528cee41367348564d4e664476fd5704ff
Bug: oss-fuzz:27650
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/336656
Commit-Queue: Brian Osman <brianosman@google.com>
Reviewed-by: Brian Osman <brianosman@google.com>
Auto-Submit: John Stiles <johnstiles@google.com>
2020-11-20 14:07:03 +00:00
John Stiles
d0f712f3fe Add fix for fuzzer-discovered crash at oss-fuzz:27614.
The fuzzer managed to create a test case which temporarily evaluates to
expression `half2(half(0.2)) + 2` as it is optimized. This requires a
bunch of temporary nonsense math as the IR Generator is attempting to
simplify as it goes; various attempts to remove terms from the fuzzer
test-case would cause it to stop reproducing the error.

Constructor::getVecComponent assumed that any constructor with a single
scalar argument would always implement `getConstantFloat` and
`getConstantInt`; however, constructors themselves did not actually
implement these methods. This meant that nesting a scalar constructor
inside a non-scalar constructor would abort when it tried to deduce the
value inside the inner constructor.

This has been fixed by implementing `getConstantFloat` and
`getConstantInt` for Constructors. These methods will assert if the
constructor has more than one argument or is a non-scalar type. This
should allow any number of nested constructors, e.g.
`half4(half(half(half(1))))` should recursively evaluate properly,
should we somehow generate this as an intermediate expression.

Change-Id: Iaee4284cba03974443cd7b5dccfd7909c1a5f3a6
Bug: oss-fuzz:27614
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/335868
Commit-Queue: John Stiles <johnstiles@google.com>
Commit-Queue: Brian Osman <brianosman@google.com>
Auto-Submit: John Stiles <johnstiles@google.com>
Reviewed-by: Brian Osman <brianosman@google.com>
2020-11-18 21:01:15 +00:00
John Stiles
e1bbd5c128 Disallow unsized array dimensions on size fields past the frontmost.
This was slightly complicated by the fact that this syntax indicates an
array with a known size:

    float[] x = float[](1, 2, 3, 4);

Of course, the size is 4; it's just never explicitly stated in the
code. (The SkSL parser never actually deduces the size, but it doesn't
apparently have a need to; we don't do much in the way of optimization
for arrays.) However, this prevents us from simply failing whenever we
parse "[]" in non-builtin code; we need to keep scanning and see if the
variable is initialized. We already check this in the
ArrayConstructors.sksl test file.

Change-Id: I5b86958e81bd9bf5edf28a617cecf95c1875583e
Bug: skia:10957
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/335240
Reviewed-by: Brian Osman <brianosman@google.com>
Commit-Queue: John Stiles <johnstiles@google.com>
Auto-Submit: John Stiles <johnstiles@google.com>
2020-11-17 16:44:13 +00:00
John Stiles
1d75778cbf Disallow opaque types in structs and interface blocks.
This is a followup to http://review.skia.org/335196. This detects opaque
types (samplers and textures) at parsing or IR generation time and
reports an error regardless of backend. This check occurs before Metal
or SPIR-V would have a chance to detect the error, so it changes their
output to a slightly more focused error message. The Metal/SPIR-V fix in
the prior CL is still a nice broad catch-all for preventing spurious
ABORTs, though.

Change-Id: I4cce92a8767d72b5d3d7277a8afde8ce5ce86db2
Bug: skia:10956
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/335217
Commit-Queue: John Stiles <johnstiles@google.com>
Commit-Queue: Brian Osman <brianosman@google.com>
Reviewed-by: Brian Osman <brianosman@google.com>
Auto-Submit: John Stiles <johnstiles@google.com>
2020-11-17 15:25:43 +00:00
John Stiles
0023c0c827 Detect unsupported types for MemoryLayout and report errors.
Previously, MemoryLayout would ABORT if it encountered any types that
we can't layout in memory (e.g. opaque types like samplers). Instead of
an abort, this case is now detected cleanly and an error is reported
identifying the offending type.

This should unwedge the fuzzer, which appears to be very
enthusiatically generating interface blocks with nonsense types inside.

(Note that code generators which don't actually try to compute a memory
layout--that is, GLSL--will still accept these types. This should still
be caught and reported as an error, since it's still illegal in GLSL,
but that's for a future CL.)

Change-Id: I88a9649bcd8c75dadc8cca679f3c5e94570742bc
Bug: skia:10956, oss-fuzz:27525
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/335196
Commit-Queue: John Stiles <johnstiles@google.com>
Commit-Queue: Brian Osman <brianosman@google.com>
Auto-Submit: John Stiles <johnstiles@google.com>
Reviewed-by: Brian Osman <brianosman@google.com>
2020-11-16 19:14:48 +00:00
John Stiles
34de5cb57b Convert remaining Metal tests to golden outputs.
Metal-specific tests are pretty thin on the ground here, and some of
the remaining tests no longer added value as they were already covered
pretty well by existing tests in Shared. The majority of remaining tests
were specific to Metal's lack of flexible matrix casting (and SkSL's
ability to paper over this with helper functions).

Change-Id: I7b3c445268b95320e7f46ec88d793c315d43ee8a
Bug: skia:10694
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/334956
Auto-Submit: John Stiles <johnstiles@google.com>
Reviewed-by: Brian Osman <brianosman@google.com>
Commit-Queue: John Stiles <johnstiles@google.com>
2020-11-16 16:32:56 +00:00
John Stiles
031a76756e Stop the inliner after it has inlined 2500 statements in a program.
This prevents OOMing when given a pathological input, but is large
enough that almost all inputs should continue to compile as-is.

Change-Id: If5c46711b886ee08495bfd09af537e9dc7ea5649
Bug: skia:10945, oss-fuzz:27442
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/334838
Commit-Queue: John Stiles <johnstiles@google.com>
Reviewed-by: Brian Osman <brianosman@google.com>
Auto-Submit: John Stiles <johnstiles@google.com>
2020-11-13 23:02:11 +00:00
John Stiles
053739dfa8 Add unit test for O(n^3) behavior in the inliner.
In practice, the inline threshold does a good job of limiting the
blast radius here.

Change-Id: I495184116e733262ea9d84fec30885ea047ca116
Bug: skia:10945
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/334597
Commit-Queue: John Stiles <johnstiles@google.com>
Auto-Submit: John Stiles <johnstiles@google.com>
Reviewed-by: Brian Osman <brianosman@google.com>
2020-11-13 22:13:21 +00:00
John Stiles
b4b627e62a Disallow usage of private types ($vec, etc) in non-builtin code.
This fixes a fuzzer crash in Metal.

Private types aren't meant to be used directly; we can't generate a
valid MemoryLayout for them. We will now detect them during IR
generation and report an error. (Note that unreferenced structs
currently don't have any IR representation at all, so structs have to be
used somewhere in the code to trigger the error.)

Bug: oss-fuzz:27288
Change-Id: I432f0a69fbb54cd33ff5b90a9f3d4757a9370117
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/334830
Auto-Submit: John Stiles <johnstiles@google.com>
Reviewed-by: Ethan Nicholas <ethannicholas@google.com>
Commit-Queue: John Stiles <johnstiles@google.com>
2020-11-13 21:55:50 +00:00
John Stiles
76013704ad Add unit tests for overflowing int and uint literal limits.
At present, we do not report any error; the values wrap silently.

Change-Id: I8c435cfdd81f6c2e5fd87e9c39c708138bf4ec82
Bug: skia:10932
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/333676
Auto-Submit: John Stiles <johnstiles@google.com>
Commit-Queue: Ethan Nicholas <ethannicholas@google.com>
Reviewed-by: Ethan Nicholas <ethannicholas@google.com>
2020-11-11 16:11:15 +00:00
John Stiles
a695d62772 Limit struct nesting depth to a maximum of eight levels.
This addresses a sanitizer issue discovered in
https://oss-fuzz.com/testcase-detail/4908118777266176 (it has not been
assigned an oss-fuzz bug number yet; coming soon)

This puts an upper bound on struct nesting, again to prevent memory-
layout and other recursive type-handling code from overflowing the
stack. Coincidentally, while researching GLSL behavior around this bug,
I learned that WebGL has a similar limitation but caps nested structs to
4 deep. (I could not find any documented GLSL upper bound.)

Note that both the GLSL and Metal outputs for StructMaxDepth are badly
malformed. (Structs cannot be embedded within another struct in GLSL;
structs SA7 and below are never declared in GLSL; the array list for SA7
is backwards in GLSL; Metal is missing structs SA1 through SA8; Metal
puts the array list on the type instead of the variable name.)
These issues will be addressed in separate CLs.

Change-Id: I0f1059b6faa400cd0647dd7010ec839f73779a36
Bug: skia:10922, skia:10923, skia:10925, skia:10926
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/333316
Commit-Queue: John Stiles <johnstiles@google.com>
Reviewed-by: Brian Osman <brianosman@google.com>
Auto-Submit: John Stiles <johnstiles@google.com>
2020-11-10 16:58:37 +00:00
John Stiles
8d05659074 Limit arrays to a maximum of eight dimensions.
This addresses a sanitizer issue discovered in
https://oss-fuzz.com/testcase-detail/4908118777266176 (it has not been
assigned an oss-fuzz bug number yet; coming soon)

We need to set some sort of limit here to avoid stack overflow. Eight
array dimensions seems like more than enough for any sort of code that
we might realistically need, but the limit is definitely flexible if we
wanted to increase it. (The fuzzer needed to generate a several-
hundred-dimensional array before encountering a crash.)

Change-Id: I3630ab40e47cc58a2280ba200b485e1958371fdc
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/333160
Commit-Queue: John Stiles <johnstiles@google.com>
Reviewed-by: Brian Osman <brianosman@google.com>
2020-11-10 16:56:27 +00:00
John Stiles
9e2544e62f Add unit test for array with many dimensions.
This addresses a sanitizer issue discovered in
https://oss-fuzz.com/testcase-detail/4908118777266176 (it has not been
assigned an oss-fuzz bug number yet; coming soon)

A followup CL will limit array dimensionality to 8. This is an arbitrary
choice which is hopefully larger than any reasonable program will need.

Change-Id: I4cf05f40ec92c1c3444c71c45f759bb30d7da3c9
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/333135
Commit-Queue: John Stiles <johnstiles@google.com>
Commit-Queue: Brian Osman <brianosman@google.com>
Reviewed-by: Brian Osman <brianosman@google.com>
Auto-Submit: John Stiles <johnstiles@google.com>
2020-11-10 15:58:47 +00:00
John Stiles
0ad52f6a24 Add unit test for fuzzer-detected error with in vars.
`in` vars shouldn't support initializer expressions at all. The fuzzer
noticed that dead-stripping interacts poorly with `in` var initializer
expressions, which makes sense because it's an unsupported and untested
path. In a followup CL, lines 1 and 3 will both become errors.

Change-Id: Ibb64ca319a046b040eea976acb6798a1402451de
Bug: oss-fuzz:27300
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/333128
Commit-Queue: John Stiles <johnstiles@google.com>
Commit-Queue: Brian Osman <brianosman@google.com>
Auto-Submit: John Stiles <johnstiles@google.com>
Reviewed-by: Brian Osman <brianosman@google.com>
2020-11-09 18:14:56 +00:00
John Stiles
68dcf542b7 Migrate CrbugOssfuzz21688 to a golden-output test.
Change-Id: I2c077e723d123b01fbcc8fe841ee1f3d28dc152d
Bug: skia:10694
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/332037
Reviewed-by: Ethan Nicholas <ethannicholas@google.com>
Commit-Queue: John Stiles <johnstiles@google.com>
2020-11-04 22:34:13 +00:00
John Stiles
e103f941fc Create test case for oss-fuzz:26942.
Change-Id: I19a9564ac4d52b709b8fdd757b99222372c626f4
Bug: oss-fuzz:26942
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/331598
Commit-Queue: John Stiles <johnstiles@google.com>
Commit-Queue: Brian Osman <brianosman@google.com>
Auto-Submit: John Stiles <johnstiles@google.com>
Reviewed-by: Brian Osman <brianosman@google.com>
2020-11-03 17:19:22 +00:00
John Stiles
bfad3e2a4a Add test cases to function-prototype golden outputs.
- Prototypes for never-declared functions
- Prototype before use
- Prototype after use
- A variety of inputs and outputs on the prototyped functions.
- Calling declared-but-undefined functions

Currently, the prototypes are not actually emitted in the generated GLSL
or Metal output at all. This CL is demonstrates our baseline before
proper prototype support is added.

Change-Id: I6112e0a89ab9bbecefccaca9fba985bb8011fff1
Bug: skia:10872
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/331376
Commit-Queue: Ethan Nicholas <ethannicholas@google.com>
Reviewed-by: Ethan Nicholas <ethannicholas@google.com>
Auto-Submit: John Stiles <johnstiles@google.com>
2020-11-02 17:17:23 +00:00
John Stiles
47ee0caa10 Split Texture test into separate 1D and 2D tests.
This improves the test output for Metal. Previously, the Metal output
was just an error message, since 1D textures were unsupported. Now we
have a valid golden output for the 2D case in Metal. (1D is still
unsupported and is likely to remain unsupported; Skia currently has no
use case for 1D textures.)

Change-Id: I91977712030f08e371cc6bfb2afa578940ca00b7
Bug: skia:10797
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/330940
Auto-Submit: John Stiles <johnstiles@google.com>
Commit-Queue: Brian Osman <brianosman@google.com>
Reviewed-by: Brian Osman <brianosman@google.com>
2020-11-02 14:39:31 +00:00
John Stiles
869cdefdd1 Fix unknown-identifier issue discovered by fuzzer.
This error was caused by an unbalanced symbol table push. This could
occur when an interface block encountered an error while parsing its
var-decls.

Change-Id: I910a980ac92fac7c0786c48b8dc3003ee3e75e5b
Bug: oss-fuzz:26700
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/330896
Commit-Queue: John Stiles <johnstiles@google.com>
Auto-Submit: John Stiles <johnstiles@google.com>
Reviewed-by: Ethan Nicholas <ethannicholas@google.com>
2020-10-30 19:11:31 +00:00
John Stiles
09479909d1 Add unit test for error discovered by fuzzer.
Before http://review.skia.org/330743 was submitted, this caused an
assertion during CFG generation: http://screen/95ZaTYzon4bMVtE

Change-Id: Icf93472394de3d17425ad1258a68b263cab88eb1
Bug: oss-fuzz:26759
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/330816
Auto-Submit: John Stiles <johnstiles@google.com>
Commit-Queue: Ethan Nicholas <ethannicholas@google.com>
Reviewed-by: Ethan Nicholas <ethannicholas@google.com>
2020-10-30 18:18:31 +00:00
John Stiles
8bc1a72cba Add unit test to demonstrate error with modulo in FP files.
(This CL also adds modulo to the IntFolding shared test, since this was
absent from the test. It's implemented and working properly already.)

Change-Id: I24a947ab38754bff2624cd5b58cf7a39553ca888
Bug: skia:10870
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/330596
Commit-Queue: John Stiles <johnstiles@google.com>
Commit-Queue: Brian Osman <brianosman@google.com>
Auto-Submit: John Stiles <johnstiles@google.com>
Reviewed-by: Brian Osman <brianosman@google.com>
2020-10-29 20:46:08 +00:00
John Stiles
8744a5c820 Add unit test for nested function calls in FP files.
`func1` and `func2` emit bad code, `return %s()`, and because they don't
consume their `%s` format argument. This leaves the format argument list
unbalanced and all future args are wrong.

Another serious problem is that we don't actually know the names of the
functions that they need to call, because we haven't emitted them yet.

`func3` is not emitted at all. Sampling from a fragment processor
apparently fails in this context.

This is a more general case repro for skia:10684--it turns out that
recursion in particular wasn't the issue, but nested function calls just
don't work properly at all in FP files. This wasn't an issue in practice
because we don't have any existing FP files which nest function calls,
and the inliner also tends to aggressively flatten everything out if we
don't explicitly disable it.

Change-Id: Iff029c459c7d90be566f9b4c9be0e3150e459866
Bug: skia:10684
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/329367
Reviewed-by: Brian Osman <brianosman@google.com>
Commit-Queue: Brian Osman <brianosman@google.com>
Auto-Submit: John Stiles <johnstiles@google.com>
2020-10-23 21:07:36 +00:00
John Stiles
530933006d Add unit test demonstrating recursion codegen bug.
The generated code does not assign to sk_OutColor correctly; it assigns
into the `factorial` function name instead, which doesn't make sense.

Change-Id: Ibad1d47f2f9c4fbb410b5277cea6e1022daf8b9d
Bug: skia:10684
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/329360
Commit-Queue: John Stiles <johnstiles@google.com>
Commit-Queue: Brian Osman <brianosman@google.com>
Auto-Submit: John Stiles <johnstiles@google.com>
Reviewed-by: Brian Osman <brianosman@google.com>
2020-10-23 16:33:15 +00:00
John Stiles
9cef66fbf5 Fix use-after-free discovered by fuzzer.
In cases where multiple variables were declared on a single line, it is
legal for variable initialization-expressions to reference variables
declared earlier in the var-decl statement. It is NOT legal for the
inliner to move those references up to the previous statement, where the
variable doesn't exist yet.

This is mitigated by disabling the IRGenerator inliner for var-decls
past the first one in a var-decls statement. (The optimizer will still
pass over this code later and is able to inline it correctly, if it is
worth doing.)

Change-Id: I7a0d45eab20e30ed9f6b2f5c1251b6e0d8eeaea3
Bug: oss-fuzz:26167
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/329357
Auto-Submit: John Stiles <johnstiles@google.com>
Commit-Queue: Ethan Nicholas <ethannicholas@google.com>
Reviewed-by: Ethan Nicholas <ethannicholas@google.com>
2020-10-23 16:10:15 +00:00
John Stiles
15d8174fc9 Add unit test for self-referential initializer expressions.
These don't compile in GLSL, so they shouldn't compile in SkSL either--
and fortunately, they do not.

(In C++, and consequently in Metal, these expressions are considered
legal by the grammar and do compile, but generate garbage output.)

Change-Id: I6c7bea70b3d91677ccd8fcbad1eba123d655e856
Bug: skia:10694
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/329359
Reviewed-by: Brian Osman <brianosman@google.com>
Commit-Queue: Brian Osman <brianosman@google.com>
Commit-Queue: John Stiles <johnstiles@google.com>
Auto-Submit: John Stiles <johnstiles@google.com>
2020-10-23 14:36:05 +00:00
John Stiles
a80a3dc170 Fix frexp support in Metal.
Our Metal codegen assumes that out params are pointers, but Metal's
built-in frexp actually takes a reference for the exponent, not a
pointer. We now add in a helper function to translate.

Change-Id: I24686347d07151dd99a1ff1c43aff2b35c3181e5
Bug: skia:10762
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/328387
Reviewed-by: Jim Van Verth <jvanverth@google.com>
Commit-Queue: Jim Van Verth <jvanverth@google.com>
Auto-Submit: John Stiles <johnstiles@google.com>
2020-10-20 15:31:31 +00:00
Brian Osman
8dbdf23f31 Remove two uses of setModifiersHandle
As a prelude to going back to sharing global data (safely), we want to
eliminate as much mutation of shared state as possible. The special
cases for global variable declaration were unnecessary, so just remove
them. The editing of main's parameters immediately after they were
created is also unnecessary - just hoist the logic up so we create the
variables correctly in the first place.

There is still one use, related to invocation ID. That's more
complicated (?), so leaving it as a separate CL.

Change-Id: Ia3dad78dd5a634273b2e2239368be7adaff65f38
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/325661
Commit-Queue: Brian Osman <brianosman@google.com>
Reviewed-by: John Stiles <johnstiles@google.com>
Auto-Submit: Brian Osman <brianosman@google.com>
2020-10-13 14:15:18 +00:00
Brian Osman
5d08a27530 Add geometry shader test demonstrating max_vertices/invocations bug
Declaring max_vertices before invocations fails to adjust max_vertices
when invocation support is not present. (It should be 4, not 2 in this
case).

Bug: skia:10827
Change-Id: Ief7af97eabf5414ea8363808fc1ad2e9c480fe10
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/325664
Commit-Queue: Brian Osman <brianosman@google.com>
Reviewed-by: John Stiles <johnstiles@google.com>
2020-10-12 21:19:33 +00:00
John Stiles
f972313fa1 Add test for disabling the inliner.
This golden verifies that when the inline threshold is zero, inlining is
not performed.

Change-Id: Icad6e1faed569dd1b2469874be3b9e635ad0b9ad
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/325656
Auto-Submit: John Stiles <johnstiles@google.com>
Reviewed-by: Brian Osman <brianosman@google.com>
Commit-Queue: John Stiles <johnstiles@google.com>
2020-10-12 17:14:07 +00:00
John Stiles
13fc260c70 Reject struct vardecls with modifiers.
These aren't allowed in GLSL, and typically don't make sense.

Change-Id: I0afca0df638590466922a809e91ef0be35b13ca8
Bug: skia:10765
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/324816
Commit-Queue: John Stiles <johnstiles@google.com>
Auto-Submit: John Stiles <johnstiles@google.com>
Reviewed-by: Ethan Nicholas <ethannicholas@google.com>
2020-10-09 22:34:23 +00:00
John Stiles
6f3015a562 Reland "Add sk_Caps.builtinDeterminantSupport and use it in cross()."
This is a reland of 6bbf026b54

Original change's description:
> Add sk_Caps.builtinDeterminantSupport and use it in cross().
>
> This CL partially relands http://review.skia.org/321790.
>
> Change-Id: I26a1aefda8a01167783e6e7fa15a51aa35ee5d82
> Bug: skia:10819, skia:10810
> Reviewed-on: https://skia-review.googlesource.com/c/skia/+/323784
> Reviewed-by: Chris Dalton <csmartdalton@google.com>
> Commit-Queue: John Stiles <johnstiles@google.com>

Bug: skia:10819
Bug: skia:10810
Change-Id: I7731f93db07bc917707cbbe1daca2e5ce0f763d7
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/324620
Reviewed-by: John Stiles <johnstiles@google.com>
Commit-Queue: John Stiles <johnstiles@google.com>
2020-10-09 14:45:23 +00:00