Issue 738281

Issue metadata

Status: Verified
Owner:
Closed: Jul 2017
Cc:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 2
Type: Bug

Blocking:
issue 732652



FragmentShaderValidationTest.LayoutQualifierInCondition test fails under CFI

Project Member Reported by p...@chromium.org, Jun 30 2017

Issue description

Chrome Version: trunk
OS: Linux

What steps will reproduce the problem?
(1) cat args.gn
allow_posix_link_time_opt = true
dcheck_always_on = true
is_cfi = true
is_component_build = false
is_debug = false
strip_absolute_paths_from_debug_symbols = true
use_cfi_cast = true
use_cfi_diag = true
use_goma = true
use_thin_lto = true
(2) ninja angle_unittests
(3) UBSAN_OPTIONS=print_stacktrace=1 ./angle_unittests --gtest_filter=FragmentShaderValidationTest.LayoutQualifierInCondition


What is the expected result?

test passes


What happens instead?

../../third_party/angle/src/compiler/translator/glslang_tab.cpp:4774:95: runtime error: control flow integrity check for type 'sh::TIntermTyped' failed during cast to unrelated type (vtable address 0x0000002b4950)
0x0000002b4950: note: vtable is of type 'sh::TIntermDeclaration'
 00 00 00 00  a0 f7 92 00 00 00 00 00  e0 f7 92 00 00 00 00 00  70 c8 92 00 00 00 00 00  50 b5 71 00
              ^ 
    #0 0x9649e4 in yyparse(sh::TParseContext*, void*) out_gn/cfi_bot/../../third_party/angle/src/compiler/translator/glslang_tab.cpp:4774:95
    #1 0x93ee2c in sh::PaParseStrings(unsigned long, char const* const*, int const*, sh::TParseContext*) out_gn/cfi_bot/../../third_party/angle/src/compiler/translator/ParseContext.cpp:5071:17
    #2 0x8faf5d in sh::TCompiler::compileTreeImpl(char const* const*, unsigned long, unsigned long) out_gn/cfi_bot/../../third_party/angle/src/compiler/translator/Compiler.cpp:304:21
    #3 0x7bb50a in sh::ShaderCompileTreeTest::compile(std::string const&) out_gn/cfi_bot/../../third_party/angle/src/tests/test_utils/ShaderCompileTreeTest.cpp:41:29
    #4 0x7393a2 in FragmentShaderValidationTest_LayoutQualifierInCondition_Test::TestBody() out_gn/cfi_bot/../../third_party/angle/src/tests/compiler_tests/ShaderValidation_test.cpp:681:9
    #5 0x7dbcff in testing::Test::Run() out_gn/cfi_bot/../../third_party/googletest/src/googletest/src/gtest.cc:2471:5
    #6 0x7dc45d in testing::TestInfo::Run() out_gn/cfi_bot/../../third_party/googletest/src/googletest/src/gtest.cc:2653:11
    #7 0x7dcb61 in testing::TestCase::Run() out_gn/cfi_bot/../../third_party/googletest/src/googletest/src/gtest.cc:2771:28
    #8 0x7e0ce2 in testing::internal::UnitTestImpl::RunAllTests() out_gn/cfi_bot/../../third_party/googletest/src/googletest/src/gtest.cc:4648:43
    #9 0x7e0a0c in testing::UnitTest::Run() out_gn/cfi_bot/../../third_party/googletest/src/googletest/src/gtest.cc:4256:10
    #10 0x88b112 in base::TestSuite::Run() out_gn/cfi_bot/../../base/test/test_suite.cc:271:16
    #11 0x7bbc44 in (anonymous namespace)::RunHelper(base::TestSuite*) out_gn/cfi_bot/../../gpu/angle_unittest_main.cc:19:22
    #12 0x7bbe2d in int base::internal::Invoker<base::internal::BindState<int (*)(base::TestSuite*), base::internal::UnretainedWrapper<base::TestSuite> >, int ()>::RunImpl<int (* const&)(base::TestSuite*), std::tuple<base::internal::UnretainedWrapper<base::TestSuite> > const&, 0ul>(int (* const&)(base::TestSuite*), std::tuple<base::internal::UnretainedWrapper<base::TestSuite> > const&, base::IndexSequence<0ul>) out_gn/cfi_bot/../../base/bind_internal.h:351:12
    #13 0x890c7e in base::(anonymous namespace)::LaunchUnitTestsInternal(base::Callback<int (), (base::internal::CopyMode)1, (base::internal::RepeatMode)1> const&, int, int, bool, base::Callback<void (), (base::internal::CopyMode)1, (base::internal::RepeatMode)1> const&) out_gn/cfi_bot/../../base/test/launcher/unit_test_launcher.cc:216:27
    #14 0x890f3d in base::LaunchUnitTestsSerially(int, char**, base::Callback<int (), (base::internal::CopyMode)1, (base::internal::RepeatMode)1> const&) out_gn/cfi_bot/../../base/test/launcher/unit_test_launcher.cc:470:10
    #15 0x7bbb93 in main out_gn/cfi_bot/../../gpu/angle_unittest_main.cc:29:12
    #16 0x7fcd423cef44 in __libc_start_main /build/eglibc-MjiXCM/eglibc-2.19/csu/libc-start.c:287

Please use labels and text to provide additional information.

Appears to be caused by https://chromium-review.googlesource.com/539639

This issue is affecting the "CFI Linux Full" bot, e.g. https://build.chromium.org/p/chromium.fyi/builders/CFI%20Linux%20Full/builds/2317
and is blocking us from moving it to chromium.memory.
 

Comment 1 by oetu...@nvidia.com, Jun 30 2017

Owner: oetu...@nvidia.com
Status: Started (was: Untriaged)
I have a fix under way.

Project Member Comment 2 by bugdroid1@chromium.org, Jun 30 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/angle/angle/+/690057da3e67d91fbfe9e5c6571034036d8188e2

commit 690057da3e67d91fbfe9e5c6571034036d8188e2
Author: Olli Etuaho <oetuaho@nvidia.com>
Date: Fri Jun 30 14:34:26 2017

Remove incorrect cast of loop condition in GLSL parsing

Loop condition node may be a declaration node when coming from the
parser, so it shouldn't be casted to TIntermTyped*.

BUG= chromium:738281 
TEST=angle_unittests under CFI

Change-Id: Ie98befc4b02b1261949049ddff49404d73db8478
Reviewed-on: https://chromium-review.googlesource.com/558083
Reviewed-by: Jamie Madill <jmadill@chromium.org>
Commit-Queue: Olli Etuaho <oetuaho@nvidia.com>

[modify] https://crrev.com/690057da3e67d91fbfe9e5c6571034036d8188e2/src/compiler/translator/glslang_tab.cpp
[modify] https://crrev.com/690057da3e67d91fbfe9e5c6571034036d8188e2/src/compiler/translator/glslang.y
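
Added example, not part of the original issue or of ANGLE's source: a simplified C++ model of the cast described in the commit message above, with the dynamic type tested before use. The class bodies and the helpers conditionExpression and isValidLoopCondition are assumptions made for illustration; only the relationship between a typed node and a declaration node is taken from the report.

```cpp
// Simplified model of the node types named in the CFI report above.
// All class bodies and helper names are constructed for this example.
#include <cstdio>

struct Typed;
struct Declaration;

struct Node {
    virtual ~Node() = default;
    // Checked conversions: nullptr unless the dynamic type matches.
    virtual Typed *getAsTyped() { return nullptr; }
    virtual Declaration *getAsDeclaration() { return nullptr; }
};

struct Typed : Node {            // an expression with a value type
    bool isBool = false;
    Typed *getAsTyped() override { return this; }
};

struct Declaration : Node {      // sibling of Typed, not a subclass
    Typed *initializer = nullptr;
    Declaration *getAsDeclaration() override { return this; }
};

// A loop condition from the parser is either an expression
// (`while (i < n)`) or a declaration (`while (bool b = f())`).
// Casting it unconditionally to Typed* is the type confusion CFI flagged;
// here the dynamic type is tested before any Typed member is touched.
Typed *conditionExpression(Node *cond) {
    if (cond == nullptr) return nullptr;
    if (Typed *typed = cond->getAsTyped()) return typed;
    if (Declaration *decl = cond->getAsDeclaration()) return decl->initializer;
    return nullptr;
}

bool isValidLoopCondition(Node *cond) {
    Typed *expr = conditionExpression(cond);
    return expr != nullptr && expr->isBool;
}

int main() {
    Typed cmp;  cmp.isBool = true;               // models `i < n`
    Declaration decl;  decl.initializer = &cmp;  // models `bool b = i < n`
    Declaration empty;                           // declaration, no initializer
    std::printf("%d %d %d\n", isValidLoopCondition(&cmp),
                isValidLoopCondition(&decl), isValidLoopCondition(&empty));
    return 0;
}
```
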

Comment 3 by oetu...@nvidia.com, Jun 30 2017

Should be fixed in the next ANGLE roll.

Project Member Comment 4 by bugdroid1@chromium.org, Jul 4 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/8a2ea034686149648ecfc52f32b5d44b1e57a844

commit 8a2ea034686149648ecfc52f32b5d44b1e57a844
Author: Geoff Lang <geofflang@chromium.org>
Date: Tue Jul 04 19:51:49 2017

Roll ANGLE f0be43f..e145def

https://chromium.googlesource.com/angle/angle.git/+log/f0be43f..e145def

BUG= chromium:738281 

TBR=jmadill@chromium.org

TEST=bots

CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.win:win_optional_gpu_tests_rel;master.tryserver.chromium.mac:mac_optional_gpu_tests_rel;master.tryserver.chromium.linux:linux_optional_gpu_tests_rel;master.tryserver.chromium.android:android_optional_gpu_tests_rel

Merge branch 'master' of https://chromium.googlesource.com/chromium/src


Update the WebGL2 conformance expectations for the passthrough cmd decoder.

TBR=zmo@chromium.org
NOTRY=true

BUG= 668223 

Cq-Include-Trybots: master.tryserver.chromium.android:android_optional_gpu_tests_rel;master.tryserver.chromium.linux:linux_optional_gpu_tests_rel;master.tryserver.chromium.mac:mac_optional_gpu_tests_rel;master.tryserver.chromium.win:win_optional_gpu_tests_rel
Change-Id: Idd68c32bf0ff93b23ef2a532f5f2bab743e8271f
Reviewed-on: https://chromium-review.googlesource.com/558610
Commit-Queue: Geoff Lang <geofflang@chromium.org>
Reviewed-by: Geoff Lang <geofflang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#484151}
[modify] https://crrev.com/8a2ea034686149648ecfc52f32b5d44b1e57a844/DEPS

Comment 5 by p...@chromium.org, Jul 5 2017

Status: Verified (was: Started)
https://build.chromium.org/p/chromium.fyi/builders/CFI%20Linux%20Full/builds/2352

Looks like this has stopped failing on the bot. Thanks!
