xref: /aosp_15_r20/external/skia/fuzz/oss_fuzz/FuzzSkRuntimeEffect.cpp (revision c8dee2aa9b3f27cf6c858bd81872bdeb2c07ed17)
1*c8dee2aaSAndroid Build Coastguard Worker /*
2*c8dee2aaSAndroid Build Coastguard Worker  * Copyright 2020 Google, LLC
3*c8dee2aaSAndroid Build Coastguard Worker  *
4*c8dee2aaSAndroid Build Coastguard Worker  * Use of this source code is governed by a BSD-style license that can be
5*c8dee2aaSAndroid Build Coastguard Worker  * found in the LICENSE file.
6*c8dee2aaSAndroid Build Coastguard Worker  */
7*c8dee2aaSAndroid Build Coastguard Worker 
8*c8dee2aaSAndroid Build Coastguard Worker #include "fuzz/Fuzz.h"
9*c8dee2aaSAndroid Build Coastguard Worker #include "fuzz/FuzzCommon.h"
10*c8dee2aaSAndroid Build Coastguard Worker #include "include/core/SkCanvas.h"
11*c8dee2aaSAndroid Build Coastguard Worker #include "include/core/SkPaint.h"
12*c8dee2aaSAndroid Build Coastguard Worker #include "include/core/SkShader.h"
13*c8dee2aaSAndroid Build Coastguard Worker #include "include/core/SkSurface.h"
14*c8dee2aaSAndroid Build Coastguard Worker #include "include/effects/SkRuntimeEffect.h"
15*c8dee2aaSAndroid Build Coastguard Worker #include "include/private/base/SkTArray.h"
16*c8dee2aaSAndroid Build Coastguard Worker #include "src/gpu/ganesh/GrShaderCaps.h"
17*c8dee2aaSAndroid Build Coastguard Worker 
18*c8dee2aaSAndroid Build Coastguard Worker using namespace skia_private;
19*c8dee2aaSAndroid Build Coastguard Worker 
/**
 * The fuzzer treats the input bytes as an SkSL shader program. The requested number of uniforms and
 * children are automatically synthesized to match the program's needs.
 *
 * We fuzz twice, with two different settings for inlining in the SkSL compiler. By default, the
 * compiler inlines most small to medium functions. This can hide bugs related to function-calling.
 * So we run the fuzzer once with inlining disabled, and again with it enabled.
 * This gives us better coverage and spares the fuzzer from having to inject useless noise into
 * functions just to suppress inlining.
 */
/**
 * Runs a single compile-and-draw pass over one fuzzer-supplied SkSL program.
 *
 * shaderText is attacker-shaped input from the fuzzing engine, so rejection at any stage is a
 * normal outcome: the pass simply stops and reports false. Defects are expected to surface as
 * crashes or sanitizer reports inside the calls below, not through the return value.
 *
 * @param shaderText  candidate SkSL source, handed unmodified to SkRuntimeEffect::MakeForShader
 * @param options     runtime-effect options to compile with for this pass
 * @return true when the shader was built and drawn; false when the effect, the shader or the
 *         raster surface could not be created
 */
static bool FuzzSkRuntimeEffect_Once(const SkString& shaderText,
                                     const SkRuntimeEffect::Options& options) {
    // `compiled` owns the effect, so it must stay alive for as long as the raw pointer is used.
    SkRuntimeEffect::Result compiled = SkRuntimeEffect::MakeForShader(shaderText, options);
    SkRuntimeEffect* effect = compiled.effect.get();
    if (!effect) {
        return false;
    }

    // Synthesize uniforms and children for the effect, so that makeShader() is exercised with
    // inputs shaped for this particular program.
    sk_sp<SkData> uniforms;
    TArray<SkRuntimeEffect::ChildPtr> childInputs;
    FuzzCreateValidInputsForRuntimeEffect(effect, uniforms, childInputs);

    sk_sp<SkShader> fuzzedShader = effect->makeShader(uniforms, SkSpan(childInputs));
    if (!fuzzedShader) {
        return false;
    }

    SkPaint fill;
    fill.setShader(std::move(fuzzedShader));

    // A 4x4 raster target keeps each iteration cheap while still running the draw path.
    sk_sp<SkSurface> surface = SkSurfaces::Raster(SkImageInfo::MakeN32Premul(4, 4));
    if (!surface) {
        return false;
    }

    SkCanvas* canvas = surface->getCanvas();
    canvas->drawPaint(fill);
    return true;
}
57*c8dee2aaSAndroid Build Coastguard Worker 
/**
 * Fuzz entry point: interprets the raw input bytes as SkSL source and runs it through the
 * runtime-effect pipeline twice, once with forceUnoptimized set and once with it cleared.
 *
 * The bytes are untrusted and are not validated here; they are copied into an SkString and
 * passed on as-is.
 *
 * @param data  fuzzer-provided bytes (not required to be NUL-terminated; size bounds the copy)
 * @param size  number of bytes readable at data
 * @return true if at least one of the two passes got as far as drawing
 */
bool FuzzSkRuntimeEffect(const uint8_t *data, size_t size) {
    SkString shaderText{reinterpret_cast<const char*>(data), size};
    SkRuntimeEffect::Options options;

    // First pass: optimization disabled.
    options.forceUnoptimized = true;
    const bool unoptimizedDrew = FuzzSkRuntimeEffect_Once(shaderText, options);

    // Second pass: optimization enabled. It runs unconditionally, whatever the first pass
    // returned, so both compiler configurations see every input.
    options.forceUnoptimized = false;
    const bool optimizedDrew = FuzzSkRuntimeEffect_Once(shaderText, options);

    return optimizedDrew || unoptimizedDrew;
}
71*c8dee2aaSAndroid Build Coastguard Worker 
72*c8dee2aaSAndroid Build Coastguard Worker #if defined(SK_BUILD_FOR_LIBFUZZER)
/**
 * libFuzzer hook. Forwards inputs of at most 3000 bytes to FuzzSkRuntimeEffect and skips
 * anything larger without touching it.
 *
 * The result of FuzzSkRuntimeEffect is deliberately discarded: a program that fails to compile
 * or draw is an ordinary outcome for fuzzed input, so the hook always returns 0.
 */
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    // NOTE(review): the cap presumably bounds per-iteration compile time; confirm before raising.
    constexpr size_t kMaxInputBytes = 3000;
    if (size <= kMaxInputBytes) {
        FuzzSkRuntimeEffect(data, size);
    }
    return 0;
}
80*c8dee2aaSAndroid Build Coastguard Worker #endif