Add the disallow_unsafe_apis toggle.

Some APIs exposed by Dawn are not expected to be fully secured until
after the first Origin Trial of WebGPU. To prevent their usage we add a
new toggle that will be set by default by Chromium. This toggle throws a
validation error when an unsafe API is used.

Bug: chromium:1138528

Change-Id: I831db70bdac5128ebc32d36d55a0eaefc42c1807
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/31443
Reviewed-by: Corentin Wallez <cwallez@chromium.org>
Commit-Queue: Corentin Wallez <cwallez@chromium.org>
Corentin Wallez
2020-11-03 10:54:56 +00:00
committed by Commit Bot service account
parent 43ef0a365b
commit 8d248300c4
7 changed files with 309 additions and 105 deletions


@@ -148,6 +148,15 @@ namespace dawn_native {
return DAWN_VALIDATION_ERROR("Binding type cannot be used with this visibility.");
}
// Dynamic storage buffers aren't bounds checked properly in D3D12. Disallow them as
// unsafe until the bounds checks are implemented.
if (device->IsToggleEnabled(Toggle::DisallowUnsafeAPIs) &&
entry.type == wgpu::BindingType::StorageBuffer && entry.hasDynamicOffset) {
return DAWN_VALIDATION_ERROR(
"Dynamic storage buffers are disallowed because they aren't secure yet. See "
"https://crbug.com/dawn/429");
}
IncrementBindingCounts(&bindingCounts, entry);
bindingsSet.insert(bindingNumber);
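Review bot: The new DisallowUnsafeAPIs check matches only `wgpu::BindingType::StorageBuffer`, so a `ReadonlyStorageBuffer` entry with `hasDynamicOffset` still passes. If the missing D3D12 bounds check also affects read-only storage buffers (likely, since the gap concerns the dynamic offset rather than writes), out-of-bounds reads remain possible with the toggle on. Consider widening the condition to `(entry.type == wgpu::BindingType::StorageBuffer || entry.type == wgpu::BindingType::ReadonlyStorageBuffer) && entry.hasDynamicOffset`. The enclosing validation loop starts and ends outside the hunk, so whether read-only storage is rejected elsewhere is not visible here.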


@@ -70,6 +70,14 @@ namespace dawn_native {
mEncodingContext->TryEncode(this, [&](CommandAllocator* allocator) -> MaybeError {
DAWN_TRY(GetDevice()->ValidateObject(indirectBuffer));
// Indexed dispatches need a compute-shader based validation to check that the dispatch
// sizes aren't too big. Disallow them as unsafe until the validation is implemented.
if (GetDevice()->IsToggleEnabled(Toggle::DisallowUnsafeAPIs)) {
return DAWN_VALIDATION_ERROR(
"DispatchIndirect is disallowed because it doesn't validate that the dispatch "
"size is valid yet.");
}
if (indirectOffset % 4 != 0) {
return DAWN_VALIDATION_ERROR("Indirect offset must be a multiple of 4");
}
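Review bot: The comment above the new check says "Indexed dispatches", but the guarded entry point is DispatchIndirect and dispatches have no index buffer. It should read `// Indirect dispatches need a compute-shader based validation to check that the dispatch sizes aren't too big.` The error string also carries no tracking link, unlike the dynamic-storage-buffer message, which cites a crbug URL. The same is true of the DrawIndexedIndirect message in the render encoder hunk, and a bug reference in both would tell users where to follow the restriction. The lambda passed to TryEncode continues past the end of the hunk.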


@@ -112,6 +112,15 @@ namespace dawn_native {
mEncodingContext->TryEncode(this, [&](CommandAllocator* allocator) -> MaybeError {
DAWN_TRY(GetDevice()->ValidateObject(indirectBuffer));
// Indexed indirect draws need a compute-shader based validation check that the range of
// indices is contained inside the index buffer on Metal. Disallow them as unsafe until
// the validation is implemented.
if (GetDevice()->IsToggleEnabled(Toggle::DisallowUnsafeAPIs)) {
return DAWN_VALIDATION_ERROR(
"DrawIndexedIndirect is disallowed because it doesn't validate that the index "
"range is valid yet.");
}
if (indirectOffset % 4 != 0) {
return DAWN_VALIDATION_ERROR("Indirect offset must be a multiple of 4");
}
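Review bot: The comment ties the missing index-range validation to Metal, but the check below it rejects DrawIndexedIndirect on every backend whenever the toggle is on. If that is deliberate, say so in the comment, e.g. `// Disallowed on all backends, not only Metal, while the validation is missing.`, so a later change does not narrow the gate to Metal by mistake. The lambda passed to TryEncode continues past the end of the hunk.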


@@ -29,111 +29,118 @@ namespace dawn_native {
using ToggleEnumAndInfoList =
std::array<ToggleEnumAndInfo, static_cast<size_t>(Toggle::EnumCount)>;
static constexpr ToggleEnumAndInfoList kToggleNameAndInfoList = {
{{Toggle::EmulateStoreAndMSAAResolve,
{"emulate_store_and_msaa_resolve",
"Emulate storing into multisampled color attachments and doing MSAA resolve "
"simultaneously. This workaround is enabled by default on the Metal drivers that do "
"not support MTLStoreActionStoreAndMultisampleResolve. To support StoreOp::Store on "
"those platforms, we should do MSAA resolve in another render pass after ending the "
"previous one.",
"https://crbug.com/dawn/56"}},
{Toggle::NonzeroClearResourcesOnCreationForTesting,
{"nonzero_clear_resources_on_creation_for_testing",
"Clears texture to full 1 bits as soon as they are created, but doesn't update "
"the tracking state of the texture. This way we can test the logic of clearing "
"textures that use recycled memory.",
"https://crbug.com/dawn/145"}},
{Toggle::AlwaysResolveIntoZeroLevelAndLayer,
{"always_resolve_into_zero_level_and_layer",
"When the resolve target is a texture view that is created on the non-zero level or "
"layer of a texture, we first resolve into a temporarily 2D texture with only one "
"mipmap level and one array layer, and copy the result of MSAA resolve into the "
"true resolve target. This workaround is enabled by default on the Metal drivers "
"that have bugs when setting non-zero resolveLevel or resolveSlice.",
"https://crbug.com/dawn/56"}},
{Toggle::LazyClearResourceOnFirstUse,
{"lazy_clear_resource_on_first_use",
"Clears resource to zero on first usage. This initializes the resource "
"so that no dirty bits from recycled memory is present in the new resource.",
"https://crbug.com/dawn/145"}},
{Toggle::TurnOffVsync,
{"turn_off_vsync",
"Turn off vsync when rendering. In order to do performance test or run perf tests, "
"turn off vsync so that the fps can exeed 60.",
"https://crbug.com/dawn/237"}},
{Toggle::UseTemporaryBufferInCompressedTextureToTextureCopy,
{"use_temporary_buffer_in_texture_to_texture_copy",
"Split texture-to-texture copy into two copies: copy from source texture into a "
"temporary buffer, and copy from the temporary buffer into the destination texture "
"when copying between compressed textures that don't have block-aligned sizes. This "
"workaround is enabled by default on all Vulkan drivers to solve an issue in the "
"Vulkan SPEC about the texture-to-texture copies with compressed formats. See #1005 "
"(https://github.com/KhronosGroup/Vulkan-Docs/issues/1005) for more details.",
"https://crbug.com/dawn/42"}},
{Toggle::UseD3D12ResourceHeapTier2,
{"use_d3d12_resource_heap_tier2",
"Enable support for resource heap tier 2. Resource heap tier 2 allows mixing of "
"texture and buffers in the same heap. This allows better heap re-use and reduces "
"fragmentation.",
"https://crbug.com/dawn/27"}},
{Toggle::UseD3D12RenderPass,
{"use_d3d12_render_pass",
"Use the D3D12 render pass API introduced in Windows build 1809 by default. On "
"versions of Windows prior to build 1809, or when this toggle is turned off, Dawn "
"will emulate a render pass.",
"https://crbug.com/dawn/36"}},
{Toggle::UseD3D12ResidencyManagement,
{"use_d3d12_residency_management",
"Enable residency management. This allows page-in and page-out of resource heaps in "
"GPU memory. This component improves overcommitted performance by keeping the most "
"recently used resources local to the GPU. Turning this component off can cause "
"allocation failures when application memory exceeds physical device memory.",
"https://crbug.com/dawn/193"}},
{Toggle::SkipValidation,
{"skip_validation", "Skip expensive validation of Dawn commands.",
"https://crbug.com/dawn/271"}},
{Toggle::VulkanUseD32S8,
{"vulkan_use_d32s8",
"Vulkan mandates support of either D32_FLOAT_S8 or D24_UNORM_S8. When available the "
"backend will use D32S8 (toggle to on) but setting the toggle to off will make it"
"use the D24S8 format when possible.",
"https://crbug.com/dawn/286"}},
{Toggle::MetalDisableSamplerCompare,
{"metal_disable_sampler_compare",
"Disables the use of sampler compare on Metal. This is unsupported before A9 "
"processors.",
"https://crbug.com/dawn/342"}},
{Toggle::MetalUseSharedModeForCounterSampleBuffer,
{"metal_use_shared_mode_for_counter_sample_buffer",
"The query set on Metal need to create MTLCounterSampleBuffer which storage mode "
"must be either MTLStorageModeShared or MTLStorageModePrivate. But the private mode "
"does not work properly on Intel platforms. The workaround is use shared mode "
"instead.",
"https://crbug.com/dawn/434"}},
{Toggle::DisableBaseVertex,
{"disable_base_vertex",
"Disables the use of non-zero base vertex which is unsupported on some platforms.",
"https://crbug.com/dawn/343"}},
{Toggle::DisableBaseInstance,
{"disable_base_instance",
"Disables the use of non-zero base instance which is unsupported on some "
"platforms.",
"https://crbug.com/dawn/343"}},
{Toggle::UseD3D12SmallShaderVisibleHeapForTesting,
{"use_d3d12_small_shader_visible_heap",
"Enable use of a small D3D12 shader visible heap, instead of using a large one by "
"default. This setting is used to test bindgroup encoding.",
"https://crbug.com/dawn/155"}},
{Toggle::UseDXC,
{"use_dxc", "Use DXC instead of FXC for compiling HLSL",
"https://crbug.com/dawn/402"}},
{Toggle::DisableRobustness,
{"disable_robustness", "Disable robust buffer access", "https://crbug.com/dawn/480"}},
{Toggle::MetalEnableVertexPulling,
{"metal_enable_vertex_pulling",
"Uses vertex pulling to protect out-of-bounds reads on Metal",
"https://crbug.com/dawn/480"}}}};
static constexpr ToggleEnumAndInfoList kToggleNameAndInfoList = {{
{Toggle::EmulateStoreAndMSAAResolve,
{"emulate_store_and_msaa_resolve",
"Emulate storing into multisampled color attachments and doing MSAA resolve "
"simultaneously. This workaround is enabled by default on the Metal drivers that do "
"not support MTLStoreActionStoreAndMultisampleResolve. To support StoreOp::Store on "
"those platforms, we should do MSAA resolve in another render pass after ending the "
"previous one.",
"https://crbug.com/dawn/56"}},
{Toggle::NonzeroClearResourcesOnCreationForTesting,
{"nonzero_clear_resources_on_creation_for_testing",
"Clears texture to full 1 bits as soon as they are created, but doesn't update "
"the tracking state of the texture. This way we can test the logic of clearing "
"textures that use recycled memory.",
"https://crbug.com/dawn/145"}},
{Toggle::AlwaysResolveIntoZeroLevelAndLayer,
{"always_resolve_into_zero_level_and_layer",
"When the resolve target is a texture view that is created on the non-zero level or "
"layer of a texture, we first resolve into a temporarily 2D texture with only one "
"mipmap level and one array layer, and copy the result of MSAA resolve into the "
"true resolve target. This workaround is enabled by default on the Metal drivers "
"that have bugs when setting non-zero resolveLevel or resolveSlice.",
"https://crbug.com/dawn/56"}},
{Toggle::LazyClearResourceOnFirstUse,
{"lazy_clear_resource_on_first_use",
"Clears resource to zero on first usage. This initializes the resource "
"so that no dirty bits from recycled memory is present in the new resource.",
"https://crbug.com/dawn/145"}},
{Toggle::TurnOffVsync,
{"turn_off_vsync",
"Turn off vsync when rendering. In order to do performance test or run perf tests, "
"turn off vsync so that the fps can exeed 60.",
"https://crbug.com/dawn/237"}},
{Toggle::UseTemporaryBufferInCompressedTextureToTextureCopy,
{"use_temporary_buffer_in_texture_to_texture_copy",
"Split texture-to-texture copy into two copies: copy from source texture into a "
"temporary buffer, and copy from the temporary buffer into the destination texture "
"when copying between compressed textures that don't have block-aligned sizes. This "
"workaround is enabled by default on all Vulkan drivers to solve an issue in the "
"Vulkan SPEC about the texture-to-texture copies with compressed formats. See #1005 "
"(https://github.com/KhronosGroup/Vulkan-Docs/issues/1005) for more details.",
"https://crbug.com/dawn/42"}},
{Toggle::UseD3D12ResourceHeapTier2,
{"use_d3d12_resource_heap_tier2",
"Enable support for resource heap tier 2. Resource heap tier 2 allows mixing of "
"texture and buffers in the same heap. This allows better heap re-use and reduces "
"fragmentation.",
"https://crbug.com/dawn/27"}},
{Toggle::UseD3D12RenderPass,
{"use_d3d12_render_pass",
"Use the D3D12 render pass API introduced in Windows build 1809 by default. On "
"versions of Windows prior to build 1809, or when this toggle is turned off, Dawn "
"will emulate a render pass.",
"https://crbug.com/dawn/36"}},
{Toggle::UseD3D12ResidencyManagement,
{"use_d3d12_residency_management",
"Enable residency management. This allows page-in and page-out of resource heaps in "
"GPU memory. This component improves overcommitted performance by keeping the most "
"recently used resources local to the GPU. Turning this component off can cause "
"allocation failures when application memory exceeds physical device memory.",
"https://crbug.com/dawn/193"}},
{Toggle::SkipValidation,
{"skip_validation", "Skip expensive validation of Dawn commands.",
"https://crbug.com/dawn/271"}},
{Toggle::VulkanUseD32S8,
{"vulkan_use_d32s8",
"Vulkan mandates support of either D32_FLOAT_S8 or D24_UNORM_S8. When available the "
"backend will use D32S8 (toggle to on) but setting the toggle to off will make it"
"use the D24S8 format when possible.",
"https://crbug.com/dawn/286"}},
{Toggle::MetalDisableSamplerCompare,
{"metal_disable_sampler_compare",
"Disables the use of sampler compare on Metal. This is unsupported before A9 "
"processors.",
"https://crbug.com/dawn/342"}},
{Toggle::MetalUseSharedModeForCounterSampleBuffer,
{"metal_use_shared_mode_for_counter_sample_buffer",
"The query set on Metal need to create MTLCounterSampleBuffer which storage mode "
"must be either MTLStorageModeShared or MTLStorageModePrivate. But the private mode "
"does not work properly on Intel platforms. The workaround is use shared mode "
"instead.",
"https://crbug.com/dawn/434"}},
{Toggle::DisableBaseVertex,
{"disable_base_vertex",
"Disables the use of non-zero base vertex which is unsupported on some platforms.",
"https://crbug.com/dawn/343"}},
{Toggle::DisableBaseInstance,
{"disable_base_instance",
"Disables the use of non-zero base instance which is unsupported on some "
"platforms.",
"https://crbug.com/dawn/343"}},
{Toggle::UseD3D12SmallShaderVisibleHeapForTesting,
{"use_d3d12_small_shader_visible_heap",
"Enable use of a small D3D12 shader visible heap, instead of using a large one by "
"default. This setting is used to test bindgroup encoding.",
"https://crbug.com/dawn/155"}},
{Toggle::UseDXC,
{"use_dxc", "Use DXC instead of FXC for compiling HLSL",
"https://crbug.com/dawn/402"}},
{Toggle::DisableRobustness,
{"disable_robustness", "Disable robust buffer access", "https://crbug.com/dawn/480"}},
{Toggle::MetalEnableVertexPulling,
{"metal_enable_vertex_pulling",
"Uses vertex pulling to protect out-of-bounds reads on Metal",
"https://crbug.com/dawn/480"}},
{Toggle::DisallowUnsafeAPIs,
{"disallow_unsafe_apis",
"Produces validation errors on API entry points or parameter combinations that "
"aren't considered secure yet.",
"http://crbug.com/1138528"}}
// Dummy comment to separate the }} so it is clearer what to copy-paste to add a toggle.
}};
} // anonymous namespace
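Review bot: The new `disallow_unsafe_apis` entry links to `http://crbug.com/1138528`, while every other entry in the table uses `https://`; change it to `"https://crbug.com/1138528"`. Separately, the same table exposes `skip_validation`, and the hunks shown do not reveal whether the DisallowUnsafeAPIs checks still run when that toggle is enabled. Since this toggle is meant as a security gate, confirm that `skip_validation` cannot bypass it, and state the interaction in the toggle description.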


@@ -43,6 +43,7 @@ namespace dawn_native {
UseDXC,
DisableRobustness,
MetalEnableVertexPulling,
DisallowUnsafeAPIs,
EnumCount,
InvalidEnum = EnumCount,