1 // Copyright 2021 The Tint Authors.
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 // http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14
15 #include "fuzzers/tint_ast_fuzzer/cli.h"
16
17 #include <cstring>
18 #include <iostream>
19 #include <limits>
20 #include <sstream>
21 #include <string>
22 #include <utility>
23
24 namespace tint {
25 namespace fuzzers {
26 namespace ast_fuzzer {
27 namespace {
28
29 const char* const kHelpMessage = R"(
30 This is a fuzzer for the Tint compiler that works by mutating the AST.
31
32 Below is a list of all supported parameters for this fuzzer. You may want to
33 run it with -help=1 to check out libfuzzer parameters.
34
35 -tint_enable_all_mutations=
36 If `false`, the fuzzer will only apply mutations from a
37 randomly selected subset of mutation types. Otherwise,
38 all mutation types will be considered. This must be one
39 of `true` or `false` (without `). By default it's `false`.
40
41 -tint_fuzzing_target=
42 Specifies the shading language to target during fuzzing.
43 This must be one or a combination of `wgsl`, `spv`, `hlsl`,
44 `msl` (without `) separated by commas. By default it's
45 `wgsl,msl,hlsl,spv`.
46
47 -tint_help
48 Show this message. Note that there is also a -help=1
49 parameter that will display libfuzzer's help message.
50
51 -tint_mutation_batch_size=
52 The number of mutations to apply in a single libfuzzer
53 mutation session. This must be a numeric value that fits
54 in type `uint32_t`. By default it's 5.
55 )";
56
HasPrefix(const char * str,const char * prefix)57 bool HasPrefix(const char* str, const char* prefix) {
58 return strncmp(str, prefix, strlen(prefix)) == 0;
59 }
60
InvalidParam(const char * param)61 [[noreturn]] void InvalidParam(const char* param) {
62 std::cout << "Invalid value for " << param << std::endl;
63 std::cout << kHelpMessage << std::endl;
64 exit(1);
65 }
66
ParseBool(const char * value,bool * out)67 bool ParseBool(const char* value, bool* out) {
68 if (!strcmp(value, "true")) {
69 *out = true;
70 } else if (!strcmp(value, "false")) {
71 *out = false;
72 } else {
73 return false;
74 }
75 return true;
76 }
77
ParseUint32(const char * value,uint32_t * out)78 bool ParseUint32(const char* value, uint32_t* out) {
79 auto parsed = strtoul(value, nullptr, 10);
80 if (parsed > std::numeric_limits<uint32_t>::max()) {
81 return false;
82 }
83 *out = static_cast<uint32_t>(parsed);
84 return true;
85 }
86
ParseFuzzingTarget(const char * value,FuzzingTarget * out)87 bool ParseFuzzingTarget(const char* value, FuzzingTarget* out) {
88 if (!strcmp(value, "wgsl")) {
89 *out = FuzzingTarget::kWgsl;
90 } else if (!strcmp(value, "spv")) {
91 *out = FuzzingTarget::kSpv;
92 } else if (!strcmp(value, "msl")) {
93 *out = FuzzingTarget::kMsl;
94 } else if (!strcmp(value, "hlsl")) {
95 *out = FuzzingTarget::kHlsl;
96 } else {
97 return false;
98 }
99 return true;
100 }
101
102 } // namespace
103
ParseCliParams(int * argc,char ** argv)104 CliParams ParseCliParams(int* argc, char** argv) {
105 CliParams cli_params;
106 auto help = false;
107
108 for (int i = *argc - 1; i > 0; --i) {
109 auto param = argv[i];
110 auto recognized_parameter = true;
111
112 if (HasPrefix(param, "-tint_enable_all_mutations=")) {
113 if (!ParseBool(param + sizeof("-tint_enable_all_mutations=") - 1,
114 &cli_params.enable_all_mutations)) {
115 InvalidParam(param);
116 }
117 } else if (HasPrefix(param, "-tint_mutation_batch_size=")) {
118 if (!ParseUint32(param + sizeof("-tint_mutation_batch_size=") - 1,
119 &cli_params.mutation_batch_size)) {
120 InvalidParam(param);
121 }
122 } else if (HasPrefix(param, "-tint_fuzzing_target=")) {
123 auto result = FuzzingTarget::kNone;
124
125 std::stringstream ss(param + sizeof("-tint_fuzzing_target=") - 1);
126 for (std::string value; std::getline(ss, value, ',');) {
127 auto tmp = FuzzingTarget::kNone;
128 if (!ParseFuzzingTarget(value.c_str(), &tmp)) {
129 InvalidParam(param);
130 }
131 result = result | tmp;
132 }
133
134 if (result == FuzzingTarget::kNone) {
135 InvalidParam(param);
136 }
137
138 cli_params.fuzzing_target = result;
139 } else if (!strcmp(param, "-tint_help")) {
140 help = true;
141 } else {
142 recognized_parameter = false;
143 }
144
145 if (recognized_parameter) {
146 // Remove the recognized parameter from the list of all parameters by
147 // swapping it with the last one. This will suppress warnings in the
148 // libFuzzer about unrecognized parameters. By default, libFuzzer thinks
149 // that all user-defined parameters start with two dashes. However, we are
150 // forced to use a single one to make the fuzzer compatible with the
151 // ClusterFuzz.
152 std::swap(argv[i], argv[*argc - 1]);
153 *argc -= 1;
154 }
155 }
156
157 if (help) {
158 std::cout << kHelpMessage << std::endl;
159 exit(0);
160 }
161
162 return cli_params;
163 }
164
165 } // namespace ast_fuzzer
166 } // namespace fuzzers
167 } // namespace tint
168