xAdd fuzz tests

Author: szadam

.github/workflows/nightly.yml

@@ -2,15 +2,53 @@
 name: Nightly
 
 # This job is run at 00:00 UTC every day or on demand.
-on:
-  workflow_dispatch:
-  schedule:
-    - cron:  '0 0 * * *'
+on: [workflow_call]
 
 permissions:
   contents: read
 
 jobs:
+  fuzz-test:
+      name: Fuzz test
+      strategy:
+        fail-fast: false
+        matrix:
+          build_type: [Debug, Release]
+          compiler: [{c: clang, cxx: clang++}]
+      
+      runs-on: ubuntu-latest
+
+      steps:
+      - name: Checkout repository
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
+      - name: Install apt packages
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y cmake hwloc libhwloc-dev libjemalloc-dev libnuma-dev libtbb-dev
+
+      - name: Configure CMake
+        run: >
+          cmake
+          -B ${{github.workspace}}/build
+          -DCMAKE_BUILD_TYPE=${{matrix.build_type}}
+          -DCMAKE_C_COMPILER=${{matrix.compiler.c}}
+          -DCMAKE_CXX_COMPILER=${{matrix.compiler.cxx}}
+          -DUMF_FORMAT_CODE_STYLE=ON
+          -DUMF_TESTS_FAIL_ON_SKIP=ON
+          -DUMF_DEVELOPER_MODE=ON
+
+      - name: Build
+        run: cmake --build ${{github.workspace}}/build --config ${{matrix.build_type}} -j$(nproc)
+
+      - name: Fuzz short test
+        working-directory: ${{github.workspace}}/build
+        run: ctest -C Debug --output-on-failure -L "fuzz-short"
+
+      - name: Fuzz long test
+        working-directory: ${{github.workspace}}/build
+        run: ctest -C Debug --output-on-failure -L "fuzz-long"
+
   valgrind:
     name: Valgrind
     strategy:

.github/workflows/pr_push.yml

@@ -205,3 +205,5 @@ jobs:
   MultiNuma:
     needs: [Build]
     uses: ./.github/workflows/multi_numa.yml
+  Nightly:
+    uses: ./.github/workflows/nightly.yml

test/CMakeLists.txt

@@ -187,6 +187,9 @@ if(LINUX) # OS-specific functions are implemented only for Linux now
         NAME mempolicy
         SRCS memspaces/mempolicy.cpp
         LIBS ${LIBNUMA_LIBRARIES})
+    if(CMAKE_CXX_COMPILER_ID STREQUAL "Clang")
+        add_subdirectory(fuzz)
+    endif()
 endif()
 
 if(UMF_BUILD_GPU_TESTS AND UMF_BUILD_LEVEL_ZERO_PROVIDER)

test/fuzz/CMakeLists.txt

@@ -0,0 +1,26 @@
+# Copyright (C) 2024 Intel Corporation
+# Part of the Unified-Runtime Project, under the Apache License v2.0 with LLVM Exceptions.
+# See LICENSE.TXT
+# SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+
+function(add_fuzz_test name label)
+    add_test(
+        NAME ${name}
+        COMMAND fuzz_test-base ${ARGN} -verbosity=1
+        WORKING_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR})
+    set_tests_properties(${name} PROPERTIES LABELS ${label})
+endfunction()
+
+set(TEST_TARGET_NAME fuzz_test-base)
+add_umf_executable(
+    NAME ${TEST_TARGET_NAME}
+    SRCS umfFuzz.cpp
+    LIBS umf)
+target_link_libraries(${TEST_TARGET_NAME} PRIVATE umf -fsanitize=fuzzer)
+target_compile_options(${TEST_TARGET_NAME} PRIVATE -g -fsanitize=fuzzer)
+target_include_directories(${TEST_TARGET_NAME}
+                           PRIVATE ${UMF_CMAKE_SOURCE_DIR}/include)
+target_link_directories(${TEST_TARGET_NAME} PRIVATE ${LIBHWLOC_LIBRARY_DIRS})
+
+add_fuzz_test(base_long fuzz-long -max_total_time=600 -seed=1)
+add_fuzz_test(base_short fuzz-short -max_total_time=10 -seed=1)

test/fuzz/umfFuzz.cpp

@@ -0,0 +1,191 @@
+// Copyright (C) 2024 Intel Corporation
+// Under the Apache License v2.0 with LLVM Exceptions. See LICENSE.TXT.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+
+#include "utils.hpp"
+#include <iostream>
+
+namespace fuzz {
+
+constexpr int MAX_PROVIDER_VECTOR_SIZE = 1024;
+constexpr int MAX_POOLS_VECTOR_SIZE = 20;
+constexpr int MAX_POOLS_ALLOC_SIZE = 1 * 1024;      // 1 kB
+constexpr int MAX_PROVIDER_ALLOC_SIZE = 100 * 1024; // 100 kB
+
+int umf_memory_provider_create(TestState &test_state) {
+    std::cout << "begin umf_memory_provider_create" << std::endl;
+    umf_memory_provider_ops_t *provider_ops = umfOsMemoryProviderOps();
+    umf_os_memory_provider_params_t params = umfOsMemoryProviderParamsDefault();
+    umf_result_t res =
+        umfMemoryProviderCreate(provider_ops, &params, &test_state.provider);
+
+    if (res != UMF_RESULT_SUCCESS) {
+        std::cout << "Failed to create a memory provider! " << res << std::endl;
+        return -1;
+    }
+    std::cout << "OS memory provider created at " << (void *)test_state.provider
+              << std::endl;
+    return 0;
+}
+
+int get_alloc_size(TestState &state, size_t &alloc_size, int max_alloc_size) {
+    if (state.get_next_input_data_in_range<size_t>(&alloc_size, 0,
+                                                   max_alloc_size) != 0) {
+        return -1;
+    }
+    return 0;
+}
+
+int umf_memory_provider_alloc(TestState &test_state) {
+    std::cout << "begin umf_memory_provider_alloc" << std::endl;
+    void *ptr;
+    size_t alloc_size;
+    constexpr size_t alignment = 0;
+
+    if (test_state.allocated_memory.size() >= MAX_PROVIDER_VECTOR_SIZE) {
+        return -1;
+    }
+
+    int ret = get_alloc_size(test_state, alloc_size, MAX_PROVIDER_ALLOC_SIZE);
+    if (ret != 0) {
+        return -1;
+    }
+
+    umf_result_t res = umfMemoryProviderAlloc(test_state.provider, alloc_size,
+                                              alignment, &ptr);
+    if (res != UMF_RESULT_SUCCESS) {
+        std::cout << "Failed to create a memory provider! " << res << std::endl;
+        return -1;
+    }
+    test_state.allocated_memory.push_back(std::make_pair(ptr, alloc_size));
+    std::cout << "Allocated memory at " << ptr << " with alloc_size "
+              << alloc_size << std::endl;
+    std::cout << "Vector size is: " << test_state.allocated_memory.size()
+              << std::endl;
+    return 0;
+}
+
+int umf_memory_provider_free(TestState &test_state) {
+    printf("begin umf_memory_provider_free\n");
+    if (test_state.allocated_memory.empty()) {
+        return -1;
+    }
+
+    std::pair<void *, size_t> alloc = test_state.allocated_memory.back();
+    umf_result_t res =
+        umfMemoryProviderFree(test_state.provider, alloc.first, alloc.second);
+
+    if (res != UMF_RESULT_SUCCESS) {
+        std::cout << "Failed to free memory to the provider! " << res
+                  << std::endl;
+        ;
+        return -1;
+    }
+
+    std::cout << "Freed memory at " << alloc.first << " with alloc_size "
+              << alloc.second << std::endl;
+    test_state.allocated_memory.pop_back();
+    return 0;
+}
+
+int umf_pool_create(TestState &test_state) {
+    if (test_state.pools.size() > MAX_POOLS_VECTOR_SIZE) {
+        return -1;
+    }
+
+    umf_memory_pool_ops_t *pool_ops = umfScalablePoolOps();
+    void *pool_params = NULL;
+    umf_pool_create_flags_t flags = 0;
+    umf_memory_pool_handle_t pool;
+    umf_result_t res =
+        umfPoolCreate(pool_ops, test_state.provider, pool_params, flags, &pool);
+
+    if (res != UMF_RESULT_SUCCESS) {
+        std::cout << "Failed to create a pool! " << res << std::endl;
+        return -1;
+    }
+
+    test_state.pools.push_back(pool);
+    std::cout << "Scalable memory pool created at " << pool
+              << "and Pools' vector size is: " << test_state.pools.size()
+              << std::endl;
+    return 0;
+}
+
+int umf_pool_destroy(TestState &test_state) {
+    if (test_state.pools.empty()) {
+        return -1;
+    }
+    umfPoolDestroy(test_state.pools.back());
+    test_state.pools.pop_back();
+    return 0;
+}
+
+int umf_pool_malloc(TestState &test_state) {
+    if (test_state.pools.empty()) {
+        return -1;
+    }
+    size_t alloc_size;
+    int ret = get_alloc_size(test_state, alloc_size, MAX_POOLS_ALLOC_SIZE);
+    if (ret != 0) {
+        return -1;
+    }
+
+    void *ptr = umfPoolMalloc(test_state.pools.back(), alloc_size);
+    if (!ptr) {
+        std::cout << "Failed to allocate memory in the pool!" << std::endl;
+        return -1;
+    }
+    test_state.pools_alloc.push_back(ptr);
+    return 0;
+}
+
+int umf_free(TestState &test_state) {
+    if (test_state.pools_alloc.empty()) {
+        return -1;
+    }
+    umfFree(test_state.pools_alloc.back());
+    test_state.pools_alloc.pop_back();
+    return 0;
+}
+
+void cleanup(TestState &test_state) {
+    for (auto &alloc : test_state.allocated_memory) {
+        umfMemoryProviderFree(test_state.provider, alloc.first, alloc.second);
+    }
+    std::cout << "Freed all allocated memory\n";
+
+    for (auto &alloc : test_state.pools_alloc) {
+        umfFree(alloc);
+    }
+    for (auto &pool : test_state.pools) {
+        umfPoolDestroy(pool);
+    }
+
+    umfMemoryProviderDestroy(test_state.provider);
+}
+
+extern "C" int LLVMFuzzerTestOneInput(uint8_t *data, size_t size) {
+    int next_api_call;
+    auto data_provider = std::make_unique<FuzzedDataProvider>(data, size);
+    TestState test_state(std::move(data_provider));
+    int ret = -1;
+
+    int (*api_wrappers[])(TestState &) = {
+        umf_memory_provider_alloc, umf_memory_provider_free, umf_pool_create,
+        umf_pool_destroy,          umf_pool_malloc,          umf_free,
+    };
+    umf_memory_provider_create(test_state);
+
+    while ((next_api_call = test_state.get_next_api_call()) != -1) {
+        ret = api_wrappers[next_api_call](test_state);
+        if (ret) {
+            cleanup(test_state);
+            return -1;
+        }
+    }
+
+    cleanup(test_state);
+    return 0;
+}
+} // namespace fuzz

test/fuzz/utils.hpp

@@ -0,0 +1,83 @@
+// Copyright (C) 2024 Intel Corporation
+// Under the Apache License v2.0 with LLVM Exceptions. See LICENSE.TXT.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+
+#include "umf/pools/pool_scalable.h"
+#include "umf/providers/provider_os_memory.h"
+#include <fuzzer/FuzzedDataProvider.h>
+#include <iostream>
+#include <memory>
+#include <vector>
+
+namespace fuzz {
+
+enum FuzzerAPICall : uint8_t {
+    UMF_MEMORY_PROVIDER_ALLOC,
+    UMF_MEMORY_PROVIDER_FREE,
+    UMF_POOL_CREATE,
+    UMF_POOL_DESTROY,
+    UMF_POOL_MALLOC,
+    UMF_POOL_FREE,
+    kMaxValue = UMF_POOL_FREE,
+};
+
+struct TestState {
+    std::unique_ptr<FuzzedDataProvider> data_provider;
+    umf_memory_provider_handle_t provider;
+    std::vector<std::pair<void *, size_t>> allocated_memory; //provider
+    std::vector<umf_memory_pool_handle_t> pools;
+    std::vector<void *> pools_alloc; //pool
+
+    TestState(std::unique_ptr<FuzzedDataProvider> data_provider)
+        : data_provider(std::move(data_provider)) {}
+
+    template <typename IntType> int get_next_input_data(IntType *data) {
+        if (data_provider->remaining_bytes() < sizeof(IntType)) {
+            return -1;
+        }
+        *data = data_provider->ConsumeIntegral<IntType>();
+
+        return 0;
+    }
+
+    template <typename IntType>
+    int get_next_input_data_in_range(IntType *data, IntType min, IntType max) {
+        if (data_provider->remaining_bytes() < sizeof(IntType)) {
+            return -1;
+        }
+        *data = data_provider->ConsumeIntegralInRange<IntType>(min, max);
+
+        return 0;
+    }
+
+    template <typename EnumType> int get_next_input_data_enum(EnumType *data) {
+        if (data_provider->remaining_bytes() < sizeof(EnumType)) {
+            return -1;
+        }
+        *data = data_provider->ConsumeEnum<EnumType>();
+
+        return 0;
+    }
+
+    int init() { return 0; }
+
+    int get_next_api_call() {
+        FuzzerAPICall next_api_call;
+        return get_next_input_data_enum(&next_api_call) == 0 ? next_api_call
+                                                             : -1;
+    }
+
+    umf_memory_provider_handle_t get_memory_provider() { return nullptr; }
+
+    int get_vec_index(const uint8_t vec_size) {
+        if (vec_size == 0 ||
+            data_provider->remaining_bytes() < sizeof(vec_size)) {
+            return -1;
+        }
+        return data_provider->ConsumeIntegralInRange<decltype(vec_size)>(
+            0, vec_size - 1);
+    }
+
+    size_t get_next_alloc_size() { return 0; }
+};
+} // namespace fuzz