From 389093403307c9e7f88a7ecd2491116be643ff03 Mon Sep 17 00:00:00 2001
From: Austin Eng
Date: Mon, 6 Jan 2020 20:40:27 +0000
Subject: [PATCH] fuzzing: Create Instance and discover Adapters only once
This patch moves Instance initialization and adapter discovery so that it is done once globally, and not for every fuzz input. This is to work around a bug where destructing the instance at the end of a run breaks when fuzzing with Swiftshader.
Bug: dawn:295, chromium:1038952
Change-Id: Iabfe178f40b9df85d47a6353f16cd2ef26f39966
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/14822
Commit-Queue: Austin Eng
Reviewed-by: Corentin Wallez
Reviewed-by: Kai Ninomiya
---
 src/fuzzers/DawnWireServerAndFrontendFuzzer.cpp | 2 --
 src/fuzzers/DawnWireServerAndVulkanBackendFuzzer.cpp | 2 --
 src/fuzzers/DawnWireServerFuzzer.cpp | 11 ++++++++---
 3 files changed, 8 insertions(+), 7 deletions(-)
diff --git a/src/fuzzers/DawnWireServerAndFrontendFuzzer.cpp b/src/fuzzers/DawnWireServerAndFrontendFuzzer.cpp
index 66de7662e4..0126028095 100644
--- a/src/fuzzers/DawnWireServerAndFrontendFuzzer.cpp
+++ b/src/fuzzers/DawnWireServerAndFrontendFuzzer.cpp
@@ -25,8 +25,6 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
 return DawnWireServerFuzzer::Run(
 data, size,
 [](dawn_native::Instance* instance) {
- instance->DiscoverDefaultAdapters();
-
 std::vector adapters = instance->GetAdapters();
 wgpu::Device nullDevice;
diff --git a/src/fuzzers/DawnWireServerAndVulkanBackendFuzzer.cpp b/src/fuzzers/DawnWireServerAndVulkanBackendFuzzer.cpp
index 266b75691c..784a8cee95 100644
--- a/src/fuzzers/DawnWireServerAndVulkanBackendFuzzer.cpp
+++ b/src/fuzzers/DawnWireServerAndVulkanBackendFuzzer.cpp
@@ -24,8 +24,6 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
 return DawnWireServerFuzzer::Run(
 data, size,
 [](dawn_native::Instance* instance) {
- instance->DiscoverDefaultAdapters();
-
 std::vector adapters = instance->GetAdapters();
 wgpu::Device device;
diff --git a/src/fuzzers/DawnWireServerFuzzer.cpp b/src/fuzzers/DawnWireServerFuzzer.cpp
index 522e281e71..4d2af48d29 100644
--- a/src/fuzzers/DawnWireServerFuzzer.cpp
+++ b/src/fuzzers/DawnWireServerFuzzer.cpp
@@ -43,6 +43,7 @@ namespace {
 std::vector buf;
 };
+ std::unique_ptr sInstance;
 WGPUProcDeviceCreateSwapChain sOriginalDeviceCreateSwapChain = nullptr;
 std::string sInjectedErrorTestcaseOutDir;
@@ -86,6 +87,12 @@ int DawnWireServerFuzzer::Initialize(int* argc, char*** argv) {
 // Write the argument count
 *argc = argcOut;
+ // TODO(crbug.com/1038952): The Instance must be static because destructing the vkInstance with
+ // Swiftshader crashes libFuzzer. When this is fixed, move this into Run so that error injection
+ // for adapter discovery can be fuzzed.
+ sInstance = std::make_unique();
+ sInstance->DiscoverDefaultAdapters();
+
 return 0;
 }
@@ -125,8 +132,7 @@ int DawnWireServerFuzzer::Run(const uint8_t* data,
 dawnProcSetProcs(&procs);
- std::unique_ptr instance = std::make_unique();
- wgpu::Device device = MakeDevice(instance.get());
+ wgpu::Device device = MakeDevice(sInstance.get());
 if (!device) {
 // We should only ever fail device creation if an error was injected.
 ASSERT(didInjectError);
@@ -149,7 +155,6 @@ int DawnWireServerFuzzer::Run(const uint8_t* data,
 // Destroy the server before the device because it needs to free all objects.
 wireServer = nullptr;
 device = nullptr;
- instance = nullptr;
 // If we support error injection, and an output directory was provided, output copies of the
 // original testcase data, prepended with the injected error index.
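Review bot: The namespace-scope `std::unique_ptr sInstance;` added in the `@@ -43,6 +43,7 @@` hunk of DawnWireServerFuzzer.cpp still runs the Instance destructor during static destruction at process exit. If the SwiftShader teardown crash also fires on that path (not visible from this diff), the crash is only moved to the end of the fuzzing session, where it can surface as a spurious finding. A deliberately leaked pointer would avoid the teardown entirely: `dawn_native::Instance* sInstance = nullptr;` here, `sInstance = new dawn_native::Instance();` in Initialize, and `MakeDevice(sInstance)` in Run. Otherwise, add a comment on the declaration saying why exit-time destruction is safe.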
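Review bot: The TODO added in the `@@ -86,6 +87,12 @@` hunk explains why the Instance is static, but not what that costs the fuzzer: every input now runs against the same Instance and adapter list. If the Instance keeps any state that an input can change (not visible here), a crash may depend on earlier inputs and fail to reproduce from the saved testcase alone. I would extend the comment with a line such as `// NOTE: sInstance is shared by all inputs; a crash may depend on state left by earlier inputs.` so that whoever triages a non-reproducing report knows where to look. The body of Initialize starts outside the hunk.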
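Review bot: In the `@@ -125,8 +132,7 @@` hunk, Run passes `sInstance.get()` to MakeDevice without checking that Initialize has run, whereas the old code built the Instance locally and could not see a null one. The callbacks in DawnWireServerAndFrontendFuzzer.cpp and DawnWireServerAndVulkanBackendFuzzer.cpp dereference it immediately (`instance->GetAdapters()`), so a harness that does not call Initialize would crash inside the harness and be reported as a finding against the target. Add `ASSERT(sInstance != nullptr);` just before the MakeDevice call to make that precondition explicit. The body of Run starts and ends outside the hunk.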