The major improvement is that now the fuzzer is able to execute
the sksl code (before it just compiled it). The fuzzer will
reserve 256 bytes for providing uniforms to the shader;
meanwhile, the fuzzer will read the remaining bytes as sksl code
to create SkRuntimeEffect. It then creates a shader and executes
it by painting the shader on a canvas.
The code was tested locally with afl-fuzz, and the execution
speed was around 700/sec.
An alternative implementation would have been using Fuzz.h to
read bytes; I decided to go with sk_sp<SkData> since it has a
comparable format to other binary fuzzer and meets all the
functionality in this fuzzer.
For future changes, there are 2 important improvements to the
implementation:
1) Current shader does not have children shaders; thus,
makeShader() will fail if the SkSL ever tries to use an 'in shader'.
As pointed out in patchset 11, after creating the runtime effect,
effect->children().count() will tell you how many children it's
expecting (how many 'in shader' variables were declared). When you
call makeShader(), the second and third arguments are a
(C-style) array of shader pointers, and
a count (which must match children().count()).
Some helpful examples can be SkRTShader::CreateProc in
SkRuntimeEffect.cpp, make_fuzz_shader in FuzzCanvas.cpp.
2)
In this fuzzer, after creating the paint from a shader, the paint
can be drawn on either GPU canvas or CPU, so a possible way is to
use SkSurface::MakeRenderTarget to create GPU canvas and use a byte
to determine which canvas it will be drawn on.
Change-Id: Ib0385edd0f5ec2f23744aa517135a6955c53ba38
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/300618
Commit-Queue: Zepeng Hu <zepenghu@google.com>
Reviewed-by: Brian Osman <brianosman@google.com>
Reviewed-by: Kevin Lubick <kjlubick@google.com>
This updates skiaserve, fm, and the fuzzer
Change-Id: Ia1b447b79723eeab73da11755d28f7ab443d5fbb
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/300263
Reviewed-by: Adlai Holler <adlai@google.com>
Commit-Queue: Robert Phillips <robertphillips@google.com>
When manipulating svg file, the implementation of SkSVGCanvas will be used instead of the
implementation of SkCanvas, so the api are tested against SkSVGCanvas. In addition, there are
more api need to be covered in the function fuzz_canvas. As a result, the main changes are to
add new DEF_FUZZ for SkSVGCanvas and to modify fuzz_canvas to increase the coverages of api.
Change-Id: Iaf6114bb0e2929c73549ff398c3db5592e736ea2
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/298977
Commit-Queue: Zepeng Hu <zepenghu@google.com>
Reviewed-by: Kevin Lubick <kjlubick@google.com>
Reviewed-by: Mike Klein <mtklein@google.com>
This CL is not fully comprehensive; for instance, it does not contain
fixes for backends that don't compile on Mac. But it does resolve the
vast majority of cases that trigger -Wimplicit-fallthrough.
A few minor bugs were found and fixed, but none that were likely to
affect normal operation.
Change-Id: I43487602b0d56200ce8b42702e04f66390d82f60
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/295916
Reviewed-by: Mike Klein <mtklein@google.com>
Commit-Queue: John Stiles <johnstiles@google.com>
This reverts commit c80ee456ad.
fix: update flutter's gn file to add guard
Change-Id: Iac5171c8475d9a862d06255dab1c6f38f10de2f2
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/291361
Reviewed-by: Mike Reed <reed@google.com>
Commit-Queue: Mike Reed <reed@google.com>
Updated to use sentinel GL context even when GL backend is not built.
This reverts commit 1171d314ef.
Change-Id: Ia94bbe4865ddd4e898446c13886877c539f0eb0b
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/277976
Reviewed-by: Greg Daniel <egdaniel@google.com>
Commit-Queue: Brian Salomon <bsalomon@google.com>
Use std::min and std::max everywhere.
SkTPin still exists. We can't use std::clamp yet, and even when
we can, it has undefined behavior with NaN. SkTPin is written
to ensure that we return a value in the [lo, hi] range.
Change-Id: I506852a36e024ae405358d5078a872e2c77fa71e
Docs-Preview: https://skia.org/?cl=269357
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/269357
Commit-Queue: Brian Osman <brianosman@google.com>
Reviewed-by: Mike Reed <reed@google.com>
Reviewed-by: Brian Salomon <bsalomon@google.com>
Bundling the pipeline stage arguments also simplifies the code in
several spots.
Change-Id: I85e81b436a39378f753cc9404b6eeb27fe055525
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/261778
Reviewed-by: Brian Salomon <bsalomon@google.com>
Commit-Queue: Brian Osman <brianosman@google.com>
The SkDescriptor fuzzer did not call init. This caused
mysterious failures.
Make SkDescriptor's constructor initialize its fields.
Remove init().
Change-Id: Icab79c53b2d2878fceecfec06c886b71613cea6f
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/260287
Reviewed-by: Mike Klein <mtklein@google.com>
Reviewed-by: Mike Reed <reed@google.com>
Commit-Queue: Herb Derby <herb@google.com>
All caller were passing the maxium value, those that weren't still function if they are made to.
Change-Id: Id9b5d8dbbbdf10a02ea0f3b21d500059ec383e3a
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/259808
Commit-Queue: Nathaniel Nifong <nifong@google.com>
Reviewed-by: Mike Klein <mtklein@google.com>
UBSAN freaks out.
Bug: oss-fuzz:19358
Change-Id: I7c5fc129042b8b30fb5f10fe56b97cf62877c9bf
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/259537
Commit-Queue: Mike Klein <mtklein@google.com>
Commit-Queue: Brian Salomon <bsalomon@google.com>
Auto-Submit: Mike Klein <mtklein@google.com>
Reviewed-by: Brian Salomon <bsalomon@google.com>
This reverts commit 3e7af41224.
Change-Id: Id4f66b3956f4bdbe690db20fc478b7365ee89717
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/256676
Reviewed-by: Mike Reed <reed@google.com>
Commit-Queue: Mike Reed <reed@google.com>
Auto-Submit: Mike Reed <reed@google.com>
This reverts commit 1792b19485.
Reason for revert: need to update legacy_convexity, still used by google3
Original change's description:
> Revert "Revert "Use flat version of path-direction enum""
>
> This reverts commit 0dacc6b7d3.
>
> Change-Id: Ie103e9f36b07e4ee256a3688a4decf3a6dd74314
> Reviewed-on: https://skia-review.googlesource.com/c/skia/+/255832
> Auto-Submit: Mike Reed <reed@google.com>
> Reviewed-by: Mike Reed <reed@google.com>
> Commit-Queue: Mike Reed <reed@google.com>
TBR=reed@google.com
Change-Id: I0ecea0eb8a237298c6b908cc4bfd1cacdfc5b900
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/255976
Reviewed-by: Mike Reed <reed@google.com>
Commit-Queue: Mike Reed <reed@google.com>
This reverts commit 0dacc6b7d3.
Change-Id: Ie103e9f36b07e4ee256a3688a4decf3a6dd74314
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/255832
Auto-Submit: Mike Reed <reed@google.com>
Reviewed-by: Mike Reed <reed@google.com>
Commit-Queue: Mike Reed <reed@google.com>
This reverts commit e0fbe94351.
Reason for revert: need to add guard flag to flutter
Original change's description:
> Use flat version of path-direction enum
>
> Bug: skia:9663
> Change-Id: I00077d9f2b14b3e983e6a46ef6f560cabdb1678d
> Reviewed-on: https://skia-review.googlesource.com/c/skia/+/242557
> Commit-Queue: Mike Reed <reed@google.com>
> Reviewed-by: Florin Malita <fmalita@chromium.org>
TBR=fmalita@chromium.org,reed@google.com
Change-Id: If47173d9b203b2d3a175af290a15d986accb4703
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: skia:9663
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/255831
Reviewed-by: Mike Reed <reed@google.com>
Commit-Queue: Mike Reed <reed@google.com>
One is an API fuzzer, the other is for deserializing.
Bug: skia:9548
Change-Id: I5923b8fb76f36ec09fca74d5ba82245a8ddb5938
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/249776
Reviewed-by: Herb Derby <herb@google.com>
Commit-Queue: Kevin Lubick <kjlubick@google.com>
This is a reland of 6fc04f88a8
Original change's description:
> Reland "SkSurface asynchronous read APIs allow client to extend pixel lifetime"
>
> This is a reland of ce240cc6fd
>
> Original change's description:
> > SkSurface asynchronous read APIs allow client to extend pixel lifetime
> >
> > Previously the pixel data passed to the client was only valid during
> > the client's callback. This meant if the client wanted to defer
> > processing of the data a copy was necessary.
> >
> > Now we pass an object to the callback and the pixel lifetime is tied
> > to the lifetime of that object.
> >
> > The object may be holding a GPU transfer buffer mapped. We don't assume
> > that the object will be released on the direct GrContext thread. So
> > when the object is destroyed it posts a message to a new type,
> > GrClientMappedBufferManager, hanging off the direct context. The direct
> > context will periodically check for messages and unmap and then unref
> > buffers so that they can be reused. Currently this is done in
> > GrContext::performDeferredCleanup() and GrDrawingManager::flush().
> >
> > The old API is kept around for backwards compatibility but it is
> > reimplemented as a bridge on top of the new mechanism.
> >
> > Also a utility function to SkImageInfo is added to directly make a new
> > info with a specified dimensions rather than passing the width and
> > height separately to makeWH().
> >
> > Bug: chromium:973403
> > Bug: skia:8962
> >
> > Change-Id: Id5cf04235376170142a48e90d3ecd13fd021a2a6
> > Reviewed-on: https://skia-review.googlesource.com/c/skia/+/245457
> > Reviewed-by: Brian Osman <brianosman@google.com>
> > Commit-Queue: Brian Salomon <bsalomon@google.com>
>
> Bug: chromium:973403, skia:8962
> Change-Id: I5cecd36276c8b6dc942cf549c7095db2df88530c
> Reviewed-on: https://skia-review.googlesource.com/c/skia/+/245678
> Reviewed-by: Brian Salomon <bsalomon@google.com>
> Commit-Queue: Brian Salomon <bsalomon@google.com>
Bug: chromium:973403, skia:8962
Change-Id: Ie584c1c3ef8021c976f71b708e53871c693cc450
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/246057
Reviewed-by: Brian Osman <brianosman@google.com>
Commit-Queue: Brian Salomon <bsalomon@google.com>
This reverts commit 6fc04f88a8.
Reason for revert: Chrome roll failure suspect because of:
* https://chromium-review.googlesource.com/c/chromium/src/+/1837131 (22 commits)
* https://chromium-review.googlesource.com/c/chromium/src/+/1837214 (24 commits)
Original change's description:
> Reland "SkSurface asynchronous read APIs allow client to extend pixel lifetime"
>
> This is a reland of ce240cc6fd
>
> Original change's description:
> > SkSurface asynchronous read APIs allow client to extend pixel lifetime
> >
> > Previously the pixel data passed to the client was only valid during
> > the client's callback. This meant if the client wanted to defer
> > processing of the data a copy was necessary.
> >
> > Now we pass an object to the callback and the pixel lifetime is tied
> > to the lifetime of that object.
> >
> > The object may be holding a GPU transfer buffer mapped. We don't assume
> > that the object will be released on the direct GrContext thread. So
> > when the object is destroyed it posts a message to a new type,
> > GrClientMappedBufferManager, hanging off the direct context. The direct
> > context will periodically check for messages and unmap and then unref
> > buffers so that they can be reused. Currently this is done in
> > GrContext::performDeferredCleanup() and GrDrawingManager::flush().
> >
> > The old API is kept around for backwards compatibility but it is
> > reimplemented as a bridge on top of the new mechanism.
> >
> > Also a utility function to SkImageInfo is added to directly make a new
> > info with a specified dimensions rather than passing the width and
> > height separately to makeWH().
> >
> > Bug: chromium:973403
> > Bug: skia:8962
> >
> > Change-Id: Id5cf04235376170142a48e90d3ecd13fd021a2a6
> > Reviewed-on: https://skia-review.googlesource.com/c/skia/+/245457
> > Reviewed-by: Brian Osman <brianosman@google.com>
> > Commit-Queue: Brian Salomon <bsalomon@google.com>
>
> Bug: chromium:973403, skia:8962
> Change-Id: I5cecd36276c8b6dc942cf549c7095db2df88530c
> Reviewed-on: https://skia-review.googlesource.com/c/skia/+/245678
> Reviewed-by: Brian Salomon <bsalomon@google.com>
> Commit-Queue: Brian Salomon <bsalomon@google.com>
TBR=bsalomon@google.com,brianosman@google.com
Change-Id: I9e01d1b82fb399b94292441d91da51176bb161d9
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:973403, skia:8962
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/245956
Reviewed-by: Ravi Mistry <rmistry@google.com>
Commit-Queue: Ravi Mistry <rmistry@google.com>
This is a reland of ce240cc6fd
Original change's description:
> SkSurface asynchronous read APIs allow client to extend pixel lifetime
>
> Previously the pixel data passed to the client was only valid during
> the client's callback. This meant if the client wanted to defer
> processing of the data a copy was necessary.
>
> Now we pass an object to the callback and the pixel lifetime is tied
> to the lifetime of that object.
>
> The object may be holding a GPU transfer buffer mapped. We don't assume
> that the object will be released on the direct GrContext thread. So
> when the object is destroyed it posts a message to a new type,
> GrClientMappedBufferManager, hanging off the direct context. The direct
> context will periodically check for messages and unmap and then unref
> buffers so that they can be reused. Currently this is done in
> GrContext::performDeferredCleanup() and GrDrawingManager::flush().
>
> The old API is kept around for backwards compatibility but it is
> reimplemented as a bridge on top of the new mechanism.
>
> Also a utility function to SkImageInfo is added to directly make a new
> info with a specified dimensions rather than passing the width and
> height separately to makeWH().
>
> Bug: chromium:973403
> Bug: skia:8962
>
> Change-Id: Id5cf04235376170142a48e90d3ecd13fd021a2a6
> Reviewed-on: https://skia-review.googlesource.com/c/skia/+/245457
> Reviewed-by: Brian Osman <brianosman@google.com>
> Commit-Queue: Brian Salomon <bsalomon@google.com>
Bug: chromium:973403, skia:8962
Change-Id: I5cecd36276c8b6dc942cf549c7095db2df88530c
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/245678
Reviewed-by: Brian Salomon <bsalomon@google.com>
Commit-Queue: Brian Salomon <bsalomon@google.com>
This reverts commit ce240cc6fd.
Reason for revert: crashing in chrome unit test, abandoned context related?
Original change's description:
> SkSurface asynchronous read APIs allow client to extend pixel lifetime
>
> Previously the pixel data passed to the client was only valid during
> the client's callback. This meant if the client wanted to defer
> processing of the data a copy was necessary.
>
> Now we pass an object to the callback and the pixel lifetime is tied
> to the lifetime of that object.
>
> The object may be holding a GPU transfer buffer mapped. We don't assume
> that the object will be released on the direct GrContext thread. So
> when the object is destroyed it posts a message to a new type,
> GrClientMappedBufferManager, hanging off the direct context. The direct
> context will periodically check for messages and unmap and then unref
> buffers so that they can be reused. Currently this is done in
> GrContext::performDeferredCleanup() and GrDrawingManager::flush().
>
> The old API is kept around for backwards compatibility but it is
> reimplemented as a bridge on top of the new mechanism.
>
> Also a utility function to SkImageInfo is added to directly make a new
> info with a specified dimensions rather than passing the width and
> height separately to makeWH().
>
> Bug: chromium:973403
> Bug: skia:8962
>
> Change-Id: Id5cf04235376170142a48e90d3ecd13fd021a2a6
> Reviewed-on: https://skia-review.googlesource.com/c/skia/+/245457
> Reviewed-by: Brian Osman <brianosman@google.com>
> Commit-Queue: Brian Salomon <bsalomon@google.com>
TBR=bsalomon@google.com,brianosman@google.com
Change-Id: Ic14cf07a7629b167c9f34a651aa87a0326e74207
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:973403, skia:8962
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/245721
Reviewed-by: Brian Salomon <bsalomon@google.com>
Commit-Queue: Brian Salomon <bsalomon@google.com>
Previously the pixel data passed to the client was only valid during
the client's callback. This meant if the client wanted to defer
processing of the data a copy was necessary.
Now we pass an object to the callback and the pixel lifetime is tied
to the lifetime of that object.
The object may be holding a GPU transfer buffer mapped. We don't assume
that the object will be released on the direct GrContext thread. So
when the object is destroyed it posts a message to a new type,
GrClientMappedBufferManager, hanging off the direct context. The direct
context will periodically check for messages and unmap and then unref
buffers so that they can be reused. Currently this is done in
GrContext::performDeferredCleanup() and GrDrawingManager::flush().
The old API is kept around for backwards compatibility but it is
reimplemented as a bridge on top of the new mechanism.
Also a utility function to SkImageInfo is added to directly make a new
info with a specified dimensions rather than passing the width and
height separately to makeWH().
Bug: chromium:973403
Bug: skia:8962
Change-Id: Id5cf04235376170142a48e90d3ecd13fd021a2a6
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/245457
Reviewed-by: Brian Osman <brianosman@google.com>
Commit-Queue: Brian Salomon <bsalomon@google.com>
Add version SkImageInfo::Make() that takes SkISize instead of separate
width and height.
Change-Id: I42aa79d23b19e22f5405631728c245b04bce0559
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/245172
Commit-Queue: Brian Salomon <bsalomon@google.com>
Reviewed-by: Brian Osman <brianosman@google.com>
Bug: skia:
Change-Id: I1483cdf7229b7234be41d21407e2b4abf99fff76
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/239925
Reviewed-by: Brian Osman <brianosman@google.com>
Commit-Queue: Ethan Nicholas <ethannicholas@google.com>
Bug: skia:9281
Change-Id: I189dbf652580805641f8c4b9a6587cf15a9049dd
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/231256
Commit-Queue: Michael Ludwig <michaelludwig@google.com>
Reviewed-by: Robert Phillips <robertphillips@google.com>
Bug: skia:9280
Change-Id: I36c197a8481c99b6f8577fc613869ff89f1d5ef6
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/230886
Commit-Queue: Michael Ludwig <michaelludwig@google.com>
Reviewed-by: Hal Canary <halcanary@google.com>
Reviewed-by: Robert Phillips <robertphillips@google.com>
This will make fuzzing more hermetic and less machine-dependent.
Docs-Preview: https://skia.org/?cl=217864
Change-Id: If29d7b86e5290e9f749cb2fdde6f2ff892ffc333
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/217864
Commit-Queue: Kevin Lubick <kjlubick@google.com>
Reviewed-by: Mike Klein <mtklein@google.com>
