From 5922d57a184fcb27955d959e949e1ef68873bd19 Mon Sep 17 00:00:00 2001 From: Danylo Piliaiev Date: Mon, 17 Aug 2020 18:22:47 +0300 Subject: [PATCH] glsl: Eliminate assigments to out-of-bounds elements of vector MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Several optimization paths, including constant folding, can lead to indexing vector with an out of bounds index. Out-of-bounds writes could be eliminated per spec: Section 5.11 (Out-of-Bounds Accesses) of the GLSL 4.60 spec says: "In the subsections described above for array, vector, matrix and structure accesses, any out-of-bounds access produced undefined behavior.... Out-of-bounds writes may be discarded or overwrite other variables of the active program." Fixes piglit tests: spec@glsl-1.20@execution@vector-out-of-bounds-access@fs-vec4-out-of-bounds-1 spec@glsl-1.20@execution@vector-out-of-bounds-access@fs-vec4-out-of-bounds-6 CC: Signed-off-by: Danylo Piliaiev Reviewed-by: Eric Anholt Reviewed-by: Marcin Ślusarz Part-of: --- .gitlab-ci/piglit/quick_shader.txt | 6 ++--- src/compiler/glsl/lower_vector_derefs.cpp | 32 +++++++++++++++++------ 2 files changed, 26 insertions(+), 12 deletions(-) diff --git a/.gitlab-ci/piglit/quick_shader.txt b/.gitlab-ci/piglit/quick_shader.txt index ff29f613bc7..71a8b4f51af 100644 --- a/.gitlab-ci/piglit/quick_shader.txt +++ b/.gitlab-ci/piglit/quick_shader.txt @@ -369,8 +369,6 @@ spec/glsl-1.10/execution/built-in-functions/fs-pow-float-float: fail spec/glsl-1.10/execution/built-in-functions/vs-pow-float-float: fail spec/glsl-1.10/preprocessor/extension-defined-test: skip spec/glsl-1.10/preprocessor/extension-if-1: skip -spec/glsl-1.20/execution/vector-out-of-bounds-access/fs-vec4-out-of-bounds-1: crash -spec/glsl-1.20/execution/vector-out-of-bounds-access/fs-vec4-out-of-bounds-6: crash spec/glsl-1.30/execution/fs-texturegrad-miplevels: fail spec/glsl-1.30/execution/fs-texturelod-miplevels: fail spec/glsl-1.30/execution/fs-texturelod-miplevels-biased: fail @@ -592,9 +590,9 @@ spec/nv_viewport_swizzle/viewport_swizzle: skip summary: name: results ---- -------- - pass: 15784 + pass: 15786 fail: 104 - crash: 172 + crash: 170 skip: 315 timeout: 0 warn: 0 diff --git a/src/compiler/glsl/lower_vector_derefs.cpp b/src/compiler/glsl/lower_vector_derefs.cpp index 0c09630fa03..8a37e35b606 100644 --- a/src/compiler/glsl/lower_vector_derefs.cpp +++ b/src/compiler/glsl/lower_vector_derefs.cpp @@ -136,15 +136,31 @@ vector_deref_visitor::visit_enter(ir_assignment *ir) ir->write_mask = (1 << new_lhs->type->vector_elements) - 1; ir->set_lhs(new_lhs); } - } else if (new_lhs->ir_type != ir_type_swizzle) { - ir->set_lhs(new_lhs); - ir->write_mask = 1 << old_index_constant->get_uint_component(0); } else { - /* If the "new" LHS is a swizzle, use the set_lhs helper to instead - * swizzle the RHS. - */ - unsigned component[1] = { old_index_constant->get_uint_component(0) }; - ir->set_lhs(new(mem_ctx) ir_swizzle(new_lhs, component, 1)); + unsigned index = old_index_constant->get_uint_component(0); + + if (index >= new_lhs->type->vector_elements) { + /* Section 5.11 (Out-of-Bounds Accesses) of the GLSL 4.60 spec says: + * + * In the subsections described above for array, vector, matrix and + * structure accesses, any out-of-bounds access produced undefined + * behavior.... Out-of-bounds writes may be discarded or overwrite + * other variables of the active program. + */ + ir->remove(); + return visit_continue; + } + + if (new_lhs->ir_type != ir_type_swizzle) { + ir->set_lhs(new_lhs); + ir->write_mask = 1 << index; + } else { + /* If the "new" LHS is a swizzle, use the set_lhs helper to instead + * swizzle the RHS. + */ + unsigned component[1] = { index }; + ir->set_lhs(new(mem_ctx) ir_swizzle(new_lhs, component, 1)); + } } return ir_rvalue_enter_visitor::visit_enter(ir); -- 2.30.2