ir_constant: Return zero on out-of-bounds vector accesses
authorDanylo Piliaiev <danylo.piliaiev@globallogic.com>
Mon, 17 Aug 2020 15:13:24 +0000 (18:13 +0300)
committerMarge Bot <eric+marge@anholt.net>
Fri, 21 Aug 2020 15:00:51 +0000 (15:00 +0000)
Several optimization paths, including constant folding, can lead to
accessing an ir_constant vector with an out of bounds index.

Return 0 since GL_ARB_robustness and GL_KHR_robustness encourage
us to do so.

Fixes piglit tests:
spec@glsl-1.20@execution@vector-out-of-bounds-access@fs-vec4-out-of-bounds-2
spec@glsl-1.20@execution@vector-out-of-bounds-access@fs-vec4-out-of-bounds-4
spec@glsl-1.20@execution@vector-out-of-bounds-access@fs-vec4-out-of-bounds-5

Closes: https://gitlab.freedesktop.org/mesa/mesa/-/issues/2604
CC: <mesa-stable@lists.freedesktop.org>
Signed-off-by: Danylo Piliaiev <danylo.piliaiev@globallogic.com>
Reviewed-by: Eric Anholt <eric@anholt.net>
Reviewed-by: Marcin Ĺšlusarz <marcin.slusarz@intel.com>
Part-of: <https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/6363>

.gitlab-ci/piglit/quick_shader.txt
src/compiler/glsl/ir.cpp

index 1f1c83e86b0b83fcbd27a4d4a358dc0a1faae9d8..ff29f613bc7b59e8f69984c49a6cacef1dec7d57 100644 (file)
@@ -370,9 +370,6 @@ spec/glsl-1.10/execution/built-in-functions/vs-pow-float-float: fail
 spec/glsl-1.10/preprocessor/extension-defined-test: skip
 spec/glsl-1.10/preprocessor/extension-if-1: skip
 spec/glsl-1.20/execution/vector-out-of-bounds-access/fs-vec4-out-of-bounds-1: crash
-spec/glsl-1.20/execution/vector-out-of-bounds-access/fs-vec4-out-of-bounds-2: crash
-spec/glsl-1.20/execution/vector-out-of-bounds-access/fs-vec4-out-of-bounds-4: crash
-spec/glsl-1.20/execution/vector-out-of-bounds-access/fs-vec4-out-of-bounds-5: crash
 spec/glsl-1.20/execution/vector-out-of-bounds-access/fs-vec4-out-of-bounds-6: crash
 spec/glsl-1.30/execution/fs-texturegrad-miplevels: fail
 spec/glsl-1.30/execution/fs-texturelod-miplevels: fail
@@ -595,9 +592,9 @@ spec/nv_viewport_swizzle/viewport_swizzle: skip
 summary:
        name:  results
        ----  --------
-       pass:    15781
+       pass:    15784
        fail:      104
-      crash:      175
+      crash:      172
        skip:      315
     timeout:        0
        warn:        0
index 607cb3e78ef27dfccd03c94618cb5e7b727a4c33..71be1e1c7c133e14769b6e482cb0d6c2d0187a41 100644 (file)
@@ -857,6 +857,20 @@ ir_constant::ir_constant(const ir_constant *c, unsigned i)
    this->const_elements = NULL;
    this->type = c->type->get_base_type();
 
+   /* Section 5.11 (Out-of-Bounds Accesses) of the GLSL 4.60 spec says:
+    *
+    *    In the subsections described above for array, vector, matrix and
+    *    structure accesses, any out-of-bounds access produced undefined
+    *    behavior....Out-of-bounds reads return undefined values, which
+    *    include values from other variables of the active program or zero.
+    *
+    * GL_KHR_robustness and GL_ARB_robustness encourage us to return zero.
+    */
+   if (i >= c->type->vector_elements) {
+      this->value = { { 0 } };
+      return;
+   }
+
    switch (this->type->base_type) {
    case GLSL_TYPE_UINT16:  this->value.u16[0] = c->value.u16[i]; break;
    case GLSL_TYPE_INT16:  this->value.i16[0] = c->value.i16[i]; break;