From d0ccb1aae63ae89338a94e317436863c825cd130 Mon Sep 17 00:00:00 2001 From: Ben Clayton Date: Fri, 19 Aug 2022 21:33:01 +0000 Subject: [PATCH] tint/fuzzers: Add a fuzzer that tests concurrency Currently triggers a bunch of simultaneous program writers, sharing the same program. Bug: tint:1651 Change-Id: I9114a3072fb14182f72d5823fa8120088c2ab167 Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/99802 Commit-Queue: Ben Clayton Reviewed-by: Antonio Maiorano Kokoro: Kokoro --- CMakeLists.txt | 24 ++-- src/tint/fuzzers/BUILD.gn | 9 ++ src/tint/fuzzers/CMakeLists.txt | 1 + src/tint/fuzzers/tint_concurrency_fuzzer.cc | 127 ++++++++++++++++++++ 4 files changed, 154 insertions(+), 7 deletions(-) create mode 100644 src/tint/fuzzers/tint_concurrency_fuzzer.cc diff --git a/CMakeLists.txt b/CMakeLists.txt index 62d3a935fa..d5098d5c46 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -114,8 +114,9 @@ if (DAWN_SUPPORTS_GLFW_FOR_WINDOWING) set(BUILD_SAMPLES ON) endif() -option_if_not_defined(DAWN_ENABLE_MSAN "Enable memory sanitizer" OFF) option_if_not_defined(DAWN_ENABLE_ASAN "Enable address sanitizer" OFF) +option_if_not_defined(DAWN_ENABLE_TSAN "Enable thread sanitizer" OFF) +option_if_not_defined(DAWN_ENABLE_MSAN "Enable memory sanitizer" OFF) option_if_not_defined(DAWN_ENABLE_UBSAN "Enable undefined behaviour sanitizer" OFF) option_if_not_defined(DAWN_ENABLE_D3D12 "Enable compilation of the D3D12 backend" ${ENABLE_D3D12}) @@ -272,6 +273,7 @@ message(STATUS "Dawn build Swiftshader: ${DAWN_ENABLE_SWIFTSHADER}") message(STATUS "Dawn build PIC: ${DAWN_ENABLE_PIC}") message(STATUS "Dawn build with ASAN: ${DAWN_ENABLE_ASAN}") +message(STATUS "Dawn build with TSAN: ${DAWN_ENABLE_TSAN}") message(STATUS "Dawn build with MSAN: ${DAWN_ENABLE_MSAN}") message(STATUS "Dawn build with UBSAN: ${DAWN_ENABLE_UBSAN}") @@ -315,18 +317,26 @@ function(common_compile_options TARGET) ) if (${DAWN_ENABLE_MSAN}) - target_compile_options(${TARGET} PRIVATE -fsanitize=memory) - target_link_options(${TARGET} PRIVATE -fsanitize=memory) + target_compile_options(${TARGET} PUBLIC -fsanitize=memory) + target_link_options(${TARGET} PUBLIC -fsanitize=memory) elseif (${DAWN_ENABLE_ASAN}) - target_compile_options(${TARGET} PRIVATE -fsanitize=address) - target_link_options(${TARGET} PRIVATE -fsanitize=address) + target_compile_options(${TARGET} PUBLIC -fsanitize=address) + target_link_options(${TARGET} PUBLIC -fsanitize=address) + elseif (${DAWN_ENABLE_TSAN}) + target_compile_options(${TARGET} PUBLIC -fsanitize=thread) + target_link_options(${TARGET} PUBLIC -fsanitize=thread) elseif (${DAWN_ENABLE_UBSAN}) - target_compile_options(${TARGET} PRIVATE -fsanitize=undefined) - target_link_options(${TARGET} PRIVATE -fsanitize=undefined) + target_compile_options(${TARGET} PUBLIC -fsanitize=undefined) + target_link_options(${TARGET} PUBLIC -fsanitize=undefined) endif() endif(COMPILER_IS_LIKE_GNU) endfunction() +if (${DAWN_ENABLE_TSAN}) + add_compile_options(-stdlib=libc++) + add_link_options(-stdlib=libc++) +endif() + ################################################################################ # Dawn's public and internal "configs" ################################################################################ diff --git a/src/tint/fuzzers/BUILD.gn b/src/tint/fuzzers/BUILD.gn index 48d5e66690..25e475e08f 100644 --- a/src/tint/fuzzers/BUILD.gn +++ b/src/tint/fuzzers/BUILD.gn @@ -165,6 +165,15 @@ if (build_with_chromium) { seed_corpus_deps = [ ":tint_generate_wgsl_corpus" ] } + fuzzer_test("tint_concurrency_fuzzer") { + sources = [ "tint_concurrency_fuzzer.cc" ] + deps = [ ":tint_fuzzer_common_with_init_src" ] + dict = "dictionary.txt" + libfuzzer_options = tint_fuzzer_common_libfuzzer_options + seed_corpus = fuzzer_corpus_wgsl_dir + seed_corpus_deps = [ ":tint_generate_wgsl_corpus" ] + } + fuzzer_test("tint_first_index_offset_fuzzer") { sources = [ "tint_first_index_offset_fuzzer.cc" ] deps = [ ":tint_fuzzer_common_with_init_src" ] diff --git a/src/tint/fuzzers/CMakeLists.txt b/src/tint/fuzzers/CMakeLists.txt index 55c99637fd..7be123738a 100644 --- a/src/tint/fuzzers/CMakeLists.txt +++ b/src/tint/fuzzers/CMakeLists.txt @@ -45,6 +45,7 @@ endif() if (${TINT_BUILD_WGSL_READER} AND ${TINT_BUILD_SPV_WRITER}) add_tint_fuzzer(tint_all_transforms_fuzzer) add_tint_fuzzer(tint_binding_remapper_fuzzer) + add_tint_fuzzer(tint_concurrency_fuzzer) add_tint_fuzzer(tint_first_index_offset_fuzzer) add_tint_fuzzer(tint_renamer_fuzzer) add_tint_fuzzer(tint_robustness_fuzzer) diff --git a/src/tint/fuzzers/tint_concurrency_fuzzer.cc b/src/tint/fuzzers/tint_concurrency_fuzzer.cc new file mode 100644 index 0000000000..945cc0e045 --- /dev/null +++ b/src/tint/fuzzers/tint_concurrency_fuzzer.cc @@ -0,0 +1,127 @@ +// Copyright 2022 The Tint Authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +#include +#include +#include +#include + +#include + +#include "src/tint/inspector/inspector.h" +#include "src/tint/reader/wgsl/parser.h" +#include "src/tint/utils/hash.h" +#include "src/tint/writer/flatten_bindings.h" +#include "src/tint/writer/glsl/generator.h" +#include "src/tint/writer/hlsl/generator.h" +#include "src/tint/writer/msl/generator.h" +#include "src/tint/writer/spirv/generator.h" +#include "src/tint/writer/wgsl/generator.h" + +static constexpr size_t kNumThreads = 32; + +[[noreturn]] void TintInternalCompilerErrorReporter(const tint::diag::List& diagnostics) { + auto printer = tint::diag::Printer::create(stderr, true); + tint::diag::Formatter{}.format(diagnostics, printer.get()); + __builtin_trap(); +} + +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { + tint::SetInternalCompilerErrorReporter(&TintInternalCompilerErrorReporter); + + std::string str(reinterpret_cast(data), size); + auto file = std::make_unique("test.wgsl", str); + auto program = tint::reader::wgsl::Parse(file.get()); + if (!program.IsValid()) { + return 0; + } + + tint::inspector::Inspector inspector(&program); + auto entry_points = inspector.GetEntryPoints(); + std::string entry_point = entry_points.empty() ? "" : entry_points.front().name; + + std::array threads; + + for (size_t thread_idx = 0; thread_idx < kNumThreads; thread_idx++) { + auto thread = std::thread([&program, thread_idx, entry_point] { + enum class Writer { +#if TINT_BUILD_GLSL_WRITER + kGLSL, +#endif +#if TINT_BUILD_HLSL_WRITER + kHLSL, +#endif +#if TINT_BUILD_MSL_WRITER + kMSL, +#endif +#if TINT_BUILD_SPV_WRITER + kSPIRV, +#endif +#if TINT_BUILD_WGSL_WRITER + kWGSL, +#endif + kCount + }; + switch (static_cast(thread_idx % static_cast(Writer::kCount))) { +#if TINT_BUILD_WGSL_WRITER + case Writer::kWGSL: { + tint::writer::wgsl::Generate(&program, {}); + break; + } +#endif // TINT_BUILD_WGSL_WRITER + +#if TINT_BUILD_SPV_WRITER + case Writer::kSPIRV: { + tint::writer::spirv::Generate(&program, {}); + break; + } +#endif // TINT_BUILD_SPV_WRITER + +#if TINT_BUILD_HLSL_WRITER + case Writer::kHLSL: { + tint::writer::hlsl::Generate(&program, {}); + break; + } +#endif // TINT_BUILD_HLSL_WRITER + +#if TINT_BUILD_GLSL_WRITER + case Writer::kGLSL: { + tint::writer::glsl::Generate(&program, {}, entry_point); + break; + } +#endif // TINT_BUILD_GLSL_WRITER + +#if TINT_BUILD_MSL_WRITER + case Writer::kMSL: { + // Remap resource numbers to a flat namespace. + if (auto flattened = tint::writer::FlattenBindings(&program)) { + tint::writer::msl::Generate(&flattened.value(), {}); + } + break; + } +#endif // TINT_BUILD_MSL_WRITER + + case Writer::kCount: + break; + } + }); + threads[thread_idx] = std::move(thread); + } + + for (auto& thread : threads) { + thread.join(); + } + + return 0; +}