More grate concurrency tests (#999)

rennergade · web-flow · commit d66d56174905 · 2026-04-03T22:22:26.000-04:00
* threaded grate test

* threaded grate test

* update name

* skip list
diff --git a/skip_test_cases.txt b/skip_test_cases.txt
@@ -3,3 +3,4 @@ signal_tests/deterministic/signal_int_thread.c
 signal_tests/deterministic/signal_longjmp.c
 signal_tests/deterministic/signal_nodefer.c
 ci/deterministic/ci_intentional_failure_tmp.c
+concurrent-request/thread_race_grate.c
diff --git a/tests/grate-tests/concurrent-request/thread_race.c b/tests/grate-tests/concurrent-request/thread_race.c
@@ -0,0 +1,54 @@
+/* thread_race.c — Cage-side test for concurrent grate Store access (#961).
+ *
+ * Spawns NUM_THREADS threads that each call geteuid() (interposed by the
+ * grate) CALLS_PER_THREAD times. This forces concurrent
+ * grate_callback_trampoline invocations from different host threads into
+ * the same Wasmtime Store, reproducing the Store concurrency bug.
+ *
+ * The grate handler does heap allocations, shared state mutation, and
+ * pointer chasing to exercise the same memory patterns as a real grate
+ * (e.g. fdtables/DashMap).
+ *
+ * Pair with: thread_race_grate.c
+ * Run: lind-wasm thread_race_grate.cwasm thread_race.cwasm
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <pthread.h>
+#include <assert.h>
+
+#define NUM_THREADS      20
+#define CALLS_PER_THREAD 100000
+
+static void *thread_fn(void *arg) {
+    int tid = (int)(long)arg;
+    for (int i = 0; i < CALLS_PER_THREAD; i++) {
+        int ret = geteuid();
+        if (ret != 10) {
+            fprintf(stderr, "[thread %d] FAIL: iteration %d, expected 10, got %d\n",
+                    tid, i, ret);
+            assert(0);
+        }
+    }
+    return NULL;
+}
+
+int main(void) {
+    pthread_t threads[NUM_THREADS];
+
+    for (int i = 0; i < NUM_THREADS; i++) {
+        int ret = pthread_create(&threads[i], NULL, thread_fn, (void *)(long)i);
+        if (ret != 0) {
+            fprintf(stderr, "pthread_create failed: %d\n", ret);
+            exit(1);
+        }
+    }
+
+    for (int i = 0; i < NUM_THREADS; i++)
+        pthread_join(threads[i], NULL);
+
+    printf("[thread_race] PASS: %d threads x %d calls returned 10\n",
+           NUM_THREADS, CALLS_PER_THREAD);
+    return 0;
+}
diff --git a/tests/grate-tests/concurrent-request/thread_race_grate.c b/tests/grate-tests/concurrent-request/thread_race_grate.c
@@ -0,0 +1,129 @@
+/* thread_race_grate.c — Grate for concurrent Store access test (#961).
+ *
+ * Interposes on geteuid (syscall 107) and does heap-heavy work in the
+ * handler: lazy-init shared structures, realloc under contention,
+ * ring-buffer malloc/free churn. This exercises the same patterns as a
+ * real Rust grate (fdtables/DashMap) under concurrent access.
+ *
+ * Without the fix for #961 (separate Store per pool entry), this test
+ * should crash with index-out-of-bounds in func.rs, memory faults, or
+ * other Store corruption symptoms.
+ */
+#include <errno.h>
+#include <lind_syscall.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <sys/types.h>
+#include <sys/wait.h>
+#include <unistd.h>
+#include <assert.h>
+
+int pass_fptr_to_wt(uint64_t fn_ptr_uint, uint64_t cageid, uint64_t arg1,
+                    uint64_t arg1cage, uint64_t arg2, uint64_t arg2cage,
+                    uint64_t arg3, uint64_t arg3cage, uint64_t arg4,
+                    uint64_t arg4cage, uint64_t arg5, uint64_t arg5cage,
+                    uint64_t arg6, uint64_t arg6cage) {
+    if (fn_ptr_uint == 0) {
+        fprintf(stderr, "[thread_race] Invalid function ptr\n");
+        assert(0);
+    }
+
+    int (*fn)(uint64_t) = (int (*)(uint64_t))(uintptr_t)fn_ptr_uint;
+    return fn(cageid);
+}
+
+/* Persistent shared state — simulates what a real grate maintains
+ * across calls (e.g. fdtables DashMap, logging buffers, counters). */
+static int *call_counts = NULL;     /* per-cage call counter array */
+static int call_counts_cap = 0;
+static char **log_ring = NULL;      /* circular log buffer */
+static int log_ring_size = 64;
+static int log_next = 0;
+
+/* Simulate what a real grate handler does: persistent heap state,
+ * growing data structures, lookups, and writes to shared memory.
+ * This exercises dlmalloc contention, shared global mutation, and
+ * pointer chasing — the same patterns as fdtables/DashMap in Rust. */
+int thread_race_handler(uint64_t cageid) {
+    int id = (int)cageid;
+
+    /* Lazy init of shared state — races here mirror DashMap lazy init */
+    if (!call_counts) {
+        call_counts_cap = 64;
+        call_counts = calloc(call_counts_cap, sizeof(int));
+        if (!call_counts) return -1;
+    }
+
+    if (!log_ring) {
+        log_ring = calloc(log_ring_size, sizeof(char *));
+        if (!log_ring) return -1;
+    }
+
+    /* Grow the counter array if needed — realloc under contention */
+    if (id >= call_counts_cap) {
+        int new_cap = call_counts_cap * 2;
+        while (id >= new_cap) new_cap *= 2;
+        int *new_counts = realloc(call_counts, new_cap * sizeof(int));
+        if (!new_counts) return -1;
+        for (int i = call_counts_cap; i < new_cap; i++)
+            new_counts[i] = 0;
+        call_counts = new_counts;
+        call_counts_cap = new_cap;
+    }
+
+    /* Increment per-cage counter — shared write */
+    call_counts[id]++;
+
+    /* Allocate a log entry, write to it, store in ring buffer, free old */
+    int slot = log_next % log_ring_size;
+    log_next++;
+
+    char *entry = malloc(128);
+    if (!entry) return -1;
+    snprintf(entry, 128, "cage=%d call=%d", id, call_counts[id]);
+
+    char *old = log_ring[slot];
+    log_ring[slot] = entry;
+    free(old);  /* free previous entry in this slot */
+
+    return 10;
+}
+
+int main(int argc, char *argv[]) {
+    if (argc < 2) {
+        fprintf(stderr, "Usage: %s <cage_binary> [args...]\n", argv[0]);
+        assert(0);
+    }
+
+    int grateid = getpid();
+
+    pid_t pid = fork();
+    if (pid < 0) {
+        perror("fork failed");
+        assert(0);
+    } else if (pid == 0) {
+        int cageid = getpid();
+        uint64_t fn_ptr_addr = (uint64_t)(uintptr_t)&thread_race_handler;
+        printf("[thread_race] Registering handler for cage %d "
+               "in grate %d with fn ptr addr: %llu\n",
+               cageid, grateid, fn_ptr_addr);
+        register_handler(cageid, 107, grateid, fn_ptr_addr);
+
+        if (execv(argv[1], &argv[1]) == -1) {
+            perror("execv failed");
+            assert(0);
+        }
+    }
+
+    int status;
+    while (wait(&status) > 0) {
+        if (status != 0) {
+            fprintf(stderr, "[thread_race] FAIL: child exited with status %d\n",
+                    status);
+            assert(0);
+        }
+    }
+
+    printf("[thread_race] PASS\n");
+    return 0;
+}
