From 4db6bd3cd6da1871fdac520c280bd9f933e48489 Mon Sep 17 00:00:00 2001 From: jsmall-nvidia Date: Wed, 8 Jun 2022 19:51:49 -0400 Subject: Improved bounds checking for C++/CUDA (#2263) * #include an absolute path didn't work - because paths were taken to always be relative. * Use TerminatedUnownedStringSlice for literals in output C++. * Remove Escape/Unescape functions used in slang-token-reader.cpp Add target type of 'host-cpp' etc to map to the target types. * Fix some corner cases around string encoding. * Added unit test for string escaping. Fixed some assorted escaping bugs. * Updated test output. * Added decode test. * Stop using hex output, to get around 'greedy' aspect. Use octal instead. * Added HostHostCallable Small changes to use ArtifactDesc/Info instead of large switches. * Fix C++ emit to handle arbitrary function export. * Add options handling for callable without an output being specified. * Can compile with COM interface. Added example using com interface. * Use the IR Ptr type instead of hack in C++ emit for interfaces. * Fix issue with outputting the COM call when ptr is used. * Fix crash issue on compilation failure. * Add support for __global. * Added `ActualGlobalRate` Added special handling around globals and COM interfaces. Tested out in cpu-com-example. * Fix typo in NodeBase. * Support for accessing globals by name working. * Bounds checking for C++ Improved bounds checks for CUDA. * Check that actual global initialization is working. * Fix typo. * Refactor the com replacement such that it doesn't need a cache or do anything special with GlobalVar. * Fix typo in CUDA prelude. * Remove context. Only create replacement if needed. * Split out COM host-callable into a unit-test. * host-callable com testing on C++and llvm. * Comment around the COM ptr replacement. * WIP Zero bound test. * Disable com test on vs 32 bit. Fix C++ prelude * Disable 32 bit targets testing com host-callable. * For now disable zero index test. * Enable bounds checking for CPU/CUDA. * Small fixes. Disable CUDA zero index bound fix. * Add test result for bound check. * Work around for index wrapping issue. * Added Fixed array test. * Only enable prelude asserts via SLANG_PRELUDE_ENABLE_ASSERT (unless defined by the user) --- prelude/slang-cpp-types.h | 107 ++++++++++++++++++++++++++++++---------------- 1 file changed, 70 insertions(+), 37 deletions(-) (limited to 'prelude/slang-cpp-types.h') diff --git a/prelude/slang-cpp-types.h b/prelude/slang-cpp-types.h index 64db2efb3..7aef25650 100644 --- a/prelude/slang-cpp-types.h +++ b/prelude/slang-cpp-types.h @@ -2,15 +2,48 @@ #define SLANG_PRELUDE_CPP_TYPES_H #ifndef SLANG_PRELUDE_ASSERT -# ifdef _DEBUG +# ifdef SLANG_PRELUDE_ENABLE_ASSERT # define SLANG_PRELUDE_ASSERT(VALUE) assert(VALUE) # else # define SLANG_PRELUDE_ASSERT(VALUE) # endif #endif -#ifndef SLANG_FORCE_INLINE -# define SLANG_FORCE_INLINE inline +// Since we are using unsigned arithmatic care is need in this comparison. +// It is *assumed* that sizeInBytes >= elemSize. Which means (sizeInBytes >= elemSize) >= 0 +// Which means only a single test is needed + +// Asserts for bounds checking. +// It is assumed index/count are unsigned types. +#define SLANG_BOUND_ASSERT(index, count) SLANG_PRELUDE_ASSERT(index < count); +#define SLANG_BOUND_ASSERT_BYTE_ADDRESS(index, elemSize, sizeInBytes) SLANG_PRELUDE_ASSERT(index <= (sizeInBytes - elemSize) && (index & 3) == 0); + +// Macros to zero index if an access is out of range +#define SLANG_BOUND_ZERO_INDEX(index, count) index = (index < count) ? index : 0; +#define SLANG_BOUND_ZERO_INDEX_BYTE_ADDRESS(index, elemSize, sizeInBytes) index = (index <= (sizeInBytes - elemSize)) ? index : 0; + +// The 'FIX' macro define how the index is fixed. The default is to do nothing. If SLANG_ENABLE_BOUND_ZERO_INDEX +// the fix macro will zero the index, if out of range +#ifdef SLANG_ENABLE_BOUND_ZERO_INDEX +# define SLANG_BOUND_FIX(index, count) SLANG_BOUND_ZERO_INDEX(index, count) +# define SLANG_BOUND_FIX_BYTE_ADDRESS(index, elemSize, sizeInBytes) SLANG_BOUND_ZERO_INDEX_BYTE_ADDRESS(index, elemSize, sizeInBytes) +# define SLANG_BOUND_FIX_FIXED_ARRAY(index, count) SLANG_BOUND_ZERO_INDEX(index, count) +#else +# define SLANG_BOUND_FIX(index, count) +# define SLANG_BOUND_FIX_BYTE_ADDRESS(index, elemSize, sizeInBytes) +# define SLANG_BOUND_FIX_FIXED_ARRAY(index, count) +#endif + +#ifndef SLANG_BOUND_CHECK +# define SLANG_BOUND_CHECK(index, count) SLANG_BOUND_ASSERT(index, count) SLANG_BOUND_FIX(index, count) +#endif + +#ifndef SLANG_BOUND_CHECK_BYTE_ADDRESS +# define SLANG_BOUND_CHECK_BYTE_ADDRESS(index, elemSize, sizeInBytes) SLANG_BOUND_ASSERT_BYTE_ADDRESS(index, elemSize, sizeInBytes) SLANG_BOUND_FIX_BYTE_ADDRESS(index, elemSize, sizeInBytes) +#endif + +#ifndef SLANG_BOUND_CHECK_FIXED_ARRAY +# define SLANG_BOUND_CHECK_FIXED_ARRAY(index, count) SLANG_BOUND_ASSERT(index, count) SLANG_BOUND_FIX_FIXED_ARRAY(index, count) #endif #ifdef SLANG_PRELUDE_NAMESPACE @@ -25,8 +58,8 @@ struct TypeInfo template struct FixedArray { - const T& operator[](size_t index) const { SLANG_PRELUDE_ASSERT(index < SIZE); return m_data[index]; } - T& operator[](size_t index) { SLANG_PRELUDE_ASSERT(index < SIZE); return m_data[index]; } + const T& operator[](size_t index) const { SLANG_BOUND_CHECK_FIXED_ARRAY(index, SIZE); return m_data[index]; } + T& operator[](size_t index) { SLANG_BOUND_CHECK_FIXED_ARRAY(index, SIZE); return m_data[index]; } T m_data[SIZE]; }; @@ -36,8 +69,8 @@ struct FixedArray template struct Array { - const T& operator[](size_t index) const { SLANG_PRELUDE_ASSERT(index < count); return data[index]; } - T& operator[](size_t index) { SLANG_PRELUDE_ASSERT(index < count); return data[index]; } + const T& operator[](size_t index) const { SLANG_BOUND_CHECK(index, count); return data[index]; } + T& operator[](size_t index) { SLANG_BOUND_CHECK(index, count); return data[index]; } T* data; size_t count; @@ -126,8 +159,8 @@ typedef size_t NonUniformResourceIndex; template struct RWStructuredBuffer { - SLANG_FORCE_INLINE T& operator[](size_t index) const { SLANG_PRELUDE_ASSERT(index < count); return data[index]; } - const T& Load(size_t index) const { SLANG_PRELUDE_ASSERT(index < count); return data[index]; } + SLANG_FORCE_INLINE T& operator[](size_t index) const { SLANG_BOUND_CHECK(index, count); return data[index]; } + const T& Load(size_t index) const { SLANG_BOUND_CHECK(index, count); return data[index]; } void GetDimensions(uint32_t* outNumStructs, uint32_t* outStride) { *outNumStructs = uint32_t(count); *outStride = uint32_t(sizeof(T)); } T* data; @@ -137,8 +170,8 @@ struct RWStructuredBuffer template struct StructuredBuffer { - SLANG_FORCE_INLINE const T& operator[](size_t index) const { SLANG_PRELUDE_ASSERT(index < count); return data[index]; } - const T& Load(size_t index) const { SLANG_PRELUDE_ASSERT(index < count); return data[index]; } + SLANG_FORCE_INLINE const T& operator[](size_t index) const { SLANG_BOUND_CHECK(index, count); return data[index]; } + const T& Load(size_t index) const { SLANG_BOUND_CHECK(index, count); return data[index]; } void GetDimensions(uint32_t* outNumStructs, uint32_t* outStride) { *outNumStructs = uint32_t(count); *outStride = uint32_t(sizeof(T)); } T* data; @@ -149,8 +182,8 @@ struct StructuredBuffer template struct RWBuffer { - SLANG_FORCE_INLINE T& operator[](size_t index) const { SLANG_PRELUDE_ASSERT(index < count); return data[index]; } - const T& Load(size_t index) const { SLANG_PRELUDE_ASSERT(index < count); return data[index]; } + SLANG_FORCE_INLINE T& operator[](size_t index) const { SLANG_BOUND_CHECK(index, count); return data[index]; } + const T& Load(size_t index) const { SLANG_BOUND_CHECK(index, count); return data[index]; } void GetDimensions(uint32_t* outCount) { *outCount = uint32_t(count); } T* data; @@ -160,8 +193,8 @@ struct RWBuffer template struct Buffer { - SLANG_FORCE_INLINE const T& operator[](size_t index) const { SLANG_PRELUDE_ASSERT(index < count); return data[index]; } - const T& Load(size_t index) const { SLANG_PRELUDE_ASSERT(index < count); return data[index]; } + SLANG_FORCE_INLINE const T& operator[](size_t index) const { SLANG_BOUND_CHECK(index, count); return data[index]; } + const T& Load(size_t index) const { SLANG_BOUND_CHECK(index, count); return data[index]; } void GetDimensions(uint32_t* outCount) { *outCount = uint32_t(count); } T* data; @@ -174,32 +207,32 @@ struct ByteAddressBuffer void GetDimensions(uint32_t* outDim) const { *outDim = uint32_t(sizeInBytes); } uint32_t Load(size_t index) const { - SLANG_PRELUDE_ASSERT(index + 4 <= sizeInBytes && (index & 3) == 0); + SLANG_BOUND_CHECK_BYTE_ADDRESS(index, 4, sizeInBytes); return data[index >> 2]; } uint2 Load2(size_t index) const { - SLANG_PRELUDE_ASSERT(index + 8 <= sizeInBytes && (index & 3) == 0); + SLANG_BOUND_CHECK_BYTE_ADDRESS(index, 8, sizeInBytes); const size_t dataIdx = index >> 2; return uint2{data[dataIdx], data[dataIdx + 1]}; } uint3 Load3(size_t index) const { - SLANG_PRELUDE_ASSERT(index + 12 <= sizeInBytes && (index & 3) == 0); + SLANG_BOUND_CHECK_BYTE_ADDRESS(index, 12, sizeInBytes); const size_t dataIdx = index >> 2; return uint3{data[dataIdx], data[dataIdx + 1], data[dataIdx + 2]}; } uint4 Load4(size_t index) const { - SLANG_PRELUDE_ASSERT(index + 16 <= sizeInBytes && (index & 3) == 0); + SLANG_BOUND_CHECK_BYTE_ADDRESS(index, 16, sizeInBytes); const size_t dataIdx = index >> 2; return uint4{data[dataIdx], data[dataIdx + 1], data[dataIdx + 2], data[dataIdx + 3]}; } template - T Load(size_t offset) const + T Load(size_t index) const { - SLANG_PRELUDE_ASSERT(offset + sizeof(T) <= sizeInBytes && (offset & (alignof(T)-1)) == 0); - return *(T const*)((char*)data + offset); + SLANG_BOUND_CHECK_BYTE_ADDRESS(index, sizeof(T), sizeInBytes); + return *(const T*)(((const char*)data) + index); } const uint32_t* data; @@ -215,49 +248,49 @@ struct RWByteAddressBuffer uint32_t Load(size_t index) const { - SLANG_PRELUDE_ASSERT(index + 4 <= sizeInBytes && (index & 3) == 0); + SLANG_BOUND_CHECK_BYTE_ADDRESS(index, 4, sizeInBytes); return data[index >> 2]; } uint2 Load2(size_t index) const { - SLANG_PRELUDE_ASSERT(index + 8 <= sizeInBytes && (index & 3) == 0); + SLANG_BOUND_CHECK_BYTE_ADDRESS(index, 8, sizeInBytes); const size_t dataIdx = index >> 2; return uint2{data[dataIdx], data[dataIdx + 1]}; } uint3 Load3(size_t index) const { - SLANG_PRELUDE_ASSERT(index + 12 <= sizeInBytes && (index & 3) == 0); + SLANG_BOUND_CHECK_BYTE_ADDRESS(index, 12, sizeInBytes); const size_t dataIdx = index >> 2; return uint3{data[dataIdx], data[dataIdx + 1], data[dataIdx + 2]}; } uint4 Load4(size_t index) const { - SLANG_PRELUDE_ASSERT(index + 16 <= sizeInBytes && (index & 3) == 0); + SLANG_BOUND_CHECK_BYTE_ADDRESS(index, 16, sizeInBytes); const size_t dataIdx = index >> 2; return uint4{data[dataIdx], data[dataIdx + 1], data[dataIdx + 2], data[dataIdx + 3]}; } template - T Load(size_t offset) const + T Load(size_t index) const { - SLANG_PRELUDE_ASSERT(offset + sizeof(T) <= sizeInBytes && (offset & (alignof(T)-1)) == 0); - return *(T const*)((char*)data + offset); + SLANG_BOUND_CHECK_BYTE_ADDRESS(index, sizeof(T), sizeInBytes); + return *(const T*)(((const char*)data) + index); } void Store(size_t index, uint32_t v) const { - SLANG_PRELUDE_ASSERT(index + 4 <= sizeInBytes && (index & 3) == 0); + SLANG_BOUND_CHECK_BYTE_ADDRESS(index, 4, sizeInBytes); data[index >> 2] = v; } void Store2(size_t index, uint2 v) const { - SLANG_PRELUDE_ASSERT(index + 8 <= sizeInBytes && (index & 3) == 0); + SLANG_BOUND_CHECK_BYTE_ADDRESS(index, 8, sizeInBytes); const size_t dataIdx = index >> 2; data[dataIdx + 0] = v.x; data[dataIdx + 1] = v.y; } void Store3(size_t index, uint3 v) const - { - SLANG_PRELUDE_ASSERT(index + 12 <= sizeInBytes && (index & 3) == 0); + { + SLANG_BOUND_CHECK_BYTE_ADDRESS(index, 12, sizeInBytes); const size_t dataIdx = index >> 2; data[dataIdx + 0] = v.x; data[dataIdx + 1] = v.y; @@ -265,7 +298,7 @@ struct RWByteAddressBuffer } void Store4(size_t index, uint4 v) const { - SLANG_PRELUDE_ASSERT(index + 16 <= sizeInBytes && (index & 3) == 0); + SLANG_BOUND_CHECK_BYTE_ADDRESS(index, 16, sizeInBytes); const size_t dataIdx = index >> 2; data[dataIdx + 0] = v.x; data[dataIdx + 1] = v.y; @@ -273,10 +306,10 @@ struct RWByteAddressBuffer data[dataIdx + 3] = v.w; } template - void Store(size_t offset, T const& value) const + void Store(size_t index, T const& value) const { - SLANG_PRELUDE_ASSERT(offset + sizeof(T) <= sizeInBytes && (offset & (alignof(T)-1)) == 0); - *(T*)((char*)data + offset) = value; + SLANG_BOUND_CHECK_BYTE_ADDRESS(index, sizeof(T), sizeInBytes); + *(T*)(((char*)data) + index) = value; } uint32_t* data; -- cgit v1.2.3