Add SKSL fuzzer

BUG=skia:5490
GOLD_TRYBOT_URL= https://gold.skia.org/search?issue=2418763004

Review-Url: https://codereview.chromium.org/2418763004

diff --git a/fuzz/fuzz.cpp b/fuzz/fuzz.cpp
index 5491946..cbfb744 100644 (file)
--- a/fuzz/fuzz.cpp
+++ b/fuzz/fuzz.cpp
@@ -16,6 +16,7 @@
 #include "SkPicture.h"
 #include "SkPicture.h"
 #include "SkPicture.h"
+#include "SkSLCompiler.h"
 #include "SkStream.h"
 
 #include <cmath>
@@ -39,6 +40,7 @@ static int fuzz_img(sk_sp<SkData>, uint8_t, uint8_t);
 static int fuzz_skp(sk_sp<SkData>);
 static int fuzz_icc(sk_sp<SkData>);
 static int fuzz_color_deserialize(sk_sp<SkData>);
+static int fuzz_sksl2glsl(sk_sp<SkData>);
 
 int main(int argc, char** argv) {
     SkCommandLineFlags::Parse(argc, argv);
@@ -53,22 +55,26 @@ int main(int argc, char** argv) {
     uint8_t option = calculate_option(bytes.get());
 
     if (!FLAGS_type.isEmpty()) {
-        switch (FLAGS_type[0][0]) {
-            case 'a': return fuzz_api(bytes);
-
-            case 'c': return fuzz_color_deserialize(bytes);
-
-            case 'i':
-                if (FLAGS_type[0][1] == 'c') { //icc
-                    return fuzz_icc(bytes);
-                }
-                // We only allow one degree of freedom to avoid a search space explosion for afl-fuzz.
-                if (FLAGS_type[0][6] == 's') { // image_scale
-                    return fuzz_img(bytes, option, 0);
-                }
-                // image_mode
-                return fuzz_img(bytes, 0, option);
-            case 's': return fuzz_skp(bytes);
+        if (0 == strcmp("api", FLAGS_type[0])) {
+            return fuzz_api(bytes);
+        }
+        if (0 == strcmp("color_deserialize", FLAGS_type[0])) {
+            return fuzz_color_deserialize(bytes);
+        }
+        if (0 == strcmp("icc", FLAGS_type[0])) {
+            return fuzz_icc(bytes);
+        }
+        if (0 == strcmp("image_scale", FLAGS_type[0])) {
+            return fuzz_img(bytes, option, 0);
+        }
+        if (0 == strcmp("image_mode", FLAGS_type[0])) {
+            return fuzz_img(bytes, 0, option);
+        }
+        if (0 == strcmp("skp", FLAGS_type[0])) {
+            return fuzz_skp(bytes);
+        }
+        if (0 == strcmp("sksl2glsl", FLAGS_type[0])) {
+            return fuzz_sksl2glsl(bytes);
         }
     }
     return printUsage(argv[0]);
@@ -400,6 +406,32 @@ int fuzz_color_deserialize(sk_sp<SkData> bytes) {
     return 0;
 }
 
+static SkSL::GLCaps default_caps() {
+    return {
+             400,
+             SkSL::GLCaps::kGL_Standard,
+             false, // isCoreProfile
+             false, // usesPrecisionModifiers;
+             false, // mustDeclareFragmentShaderOutput
+             true,   // canUseMinAndAbsTogether
+             false  // mustForceNegatedAtanParamToFloat
+           };
+}
+
+int fuzz_sksl2glsl(sk_sp<SkData> bytes) {
+    SkSL::Compiler compiler;
+    std::string output;
+    bool result = compiler.toGLSL(SkSL::Program::kFragment_Kind,
+        (const char*)bytes->data(), default_caps(), &output);
+
+    if (!result) {
+        SkDebugf("[terminated] Couldn't compile input.\n");
+        return 1;
+    }
+    SkDebugf("[terminated] Success! Compiled input.\n");
+    return 0;
+}
+
 Fuzz::Fuzz(sk_sp<SkData> bytes) : fBytes(bytes), fNextByte(0) {}
 
 void Fuzz::signalBug   () { SkDebugf("Signal bug\n"); raise(SIGSEGV); }